Awesome Golang Security resources
A curated list of awesome Golang security-related resources.


List inspired by the awesome list thing.

Supported by: GuardRails.io


Tools

Web Framework Hardening

  • nosurf - CSRF protection middleware for Go.
  • gorilla/csrf - Provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services.
  • gorilla/securecookie - Encodes and decodes authenticated and optionally encrypted cookie values for Go web applications.
  • secure - Secure is an HTTP middleware for Go that facilitates most of your security needs for web applications.
  • unindexed - A drop-in replacement for http.Dir which disables directory indexing.
  • beego-security-headers - beego framework filter for easy security headers management.

Libraries

  • paseto - Platform-Agnostic Security Tokens implementation in Go (Golang).
  • hsts - Go HTTP Strict Transport Security library
  • jwt-go - Golang implementation of JSON Web Tokens (JWT)

Static Code Analysis

  • safesql - Static analysis tool for Golang that protects against SQL injections. It does not seem to be actively maintained at the moment.
  • gosec - Inspects source code for security problems by scanning the Go AST and matching it against a set of rules. Comes bundled in a Docker container, securego/gosec.
  • gometalinter - Concurrently runs most of the existing go linters and normalizes their output.

Vulnerabilities and Security Advisories

Private Key Infrastructure

  • CloudFlare SSL - CFSSL is CloudFlare's PKI/TLS Swiss Army knife. It is both a command line tool and an HTTP API server for signing, verifying, and bundling TLS certificates.

Educational

Hacking Playground

  • govwa - A vulnerable Golang application including the most common vulnerabilities found in web applications today.
  • Lambhack - A very vulnerable serverless application in AWS Lambda.

Articles, Guides & Talks

Companies

  • GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
  • Snyk - A developer-first solution that automates finding & fixing known vulnerabilities in your dependencies.

Other

Reporting Bugs

Contributing

Found an awesome project, package, article, or another type of resource related to Golang security? Send me a pull request! Just follow the guidelines. Thank you!


say hi on Twitter

License

CC0