Security for Gophers
Mat, Filippo, Johan, and Roberto discuss security in Go. Does Go make it easy to secure your code? What common mistakes are Gophers making? What is fuzzing? How can attackers abuse your code if you use the default http mux?
Changelog++ members support our work, get closer to the metal, and make the ads disappear. Join today!
KubeCon + CloudNativeCon – The Cloud Native Computing Foundation’s flagship Kubernetes community conference which gathers adopters and technologists from leading open source and cloud native communities. Learn more and register — get 10% off with the code
KCNACHANGELOG19Feel free to use the Convince Your Boss letter in part or in full so you can your team can attend.
- TeamCity by JetBrains – Build and release your software faster with TeamCity — a self-hosted continuous integration and delivery server developed by JetBrains. TeamCity is super-smart at running incremental builds, reusing artifacts, and building only what needs to be built, which can save over 30% of the daily build time. Learn more at teamcity.com/gotime.
Linode – Our cloud server of choice. Deploy a fast, efficient, native SSD cloud server for only $5/month. Get 4 months free using the code
changelog2019. Start your server - head to linode.com/changelog.
- Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their powerful edge cloud platform. Learn more at fastly.com.
- Filippo Valsorda – Twitter, GitHub, Website
- Johan Brandhorst – Twitter, GitHub, Website
- Roberto Clapis – Twitter, GitHub
- Mat Ryer – Twitter, GitHub, LinkedIn, Website
Notes and Links
- Go Playground example #1 - this demonstrates the sql safety pattern that Roberto mentions in the episode.
- Go Playground example #2 - this demonstrates the stringer pattern mentioned by Roberto to avoid printing passwords out in logs.
- go-fuzz package - a package for generating random inputs for your code.
- So you want to expose Go on the Internet - although this needs updating, it was written by Filippo to help others tackle the challenge of securely exposing Go services to the internet.
Something missing or broken? PRs welcome!