guardrailsio / Awesome Golang Security
Awesome Golang Security resources πΆπ
Stars: β 1,355
Programming Languages
golang
3204 projects
Projects that are alternatives of or similar to Awesome Golang Security
Awesome Dotnet Security
Awesome .NET Security Resources
Stars: β 325 (-76.01%)
Mutual labels: static-analysis, security-tools
Squealer
Telling tales on you for leaking secrets!
Stars: β 97 (-92.84%)
Mutual labels: static-analysis, security-tools
Wssat
WEB SERVICE SECURITY ASSESSMENT TOOL
Stars: β 360 (-73.43%)
Mutual labels: static-analysis, security-tools
Awesome Java Security
Awesome Java Security Resources πΆβπ
Stars: β 216 (-84.06%)
Mutual labels: static-analysis, security-tools
Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: β 509 (-62.44%)
Mutual labels: static-analysis, security-tools
Insider
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Stars: β 216 (-84.06%)
Mutual labels: static-analysis, security-tools
Huskyci
Performing security tests inside your CI
Stars: β 398 (-70.63%)
Mutual labels: static-analysis, security-tools
Applicationinspector
A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
Stars: β 3,873 (+185.83%)
Mutual labels: static-analysis, security-tools
Amdh
Android Mobile Device Hardening
Stars: β 95 (-92.99%)
Mutual labels: static-analysis, security-tools
Salus
Security scanner coordinator
Stars: β 441 (-67.45%)
Mutual labels: static-analysis, security-tools
Vulny Code Static Analysis
Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
Stars: β 207 (-84.72%)
Mutual labels: static-analysis, security-tools
Brakeman
A static analysis security vulnerability scanner for Ruby on Rails applications
Stars: β 6,281 (+363.54%)
Mutual labels: static-analysis, security-tools
Njsscan
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Stars: β 128 (-90.55%)
Mutual labels: static-analysis, security-tools
Krane
Kubernetes RBAC static Analysis & visualisation tool
Stars: β 254 (-81.25%)
Mutual labels: static-analysis, security-tools
Gosec
Golang security checker
Stars: β 5,694 (+320.22%)
Mutual labels: static-analysis, security-tools
Jsprime
a javascript static security analysis tool
Stars: β 556 (-58.97%)
Mutual labels: static-analysis, security-tools
Awesome Python Security
Awesome Python Security resources πΆππ
Stars: β 738 (-45.54%)
Mutual labels: static-analysis, security-tools
Password Leak
A library to check for compromised passwords
Stars: β 92 (-93.21%)
Mutual labels: security-tools
K8s Security Dashboard
A security monitoring solution for Kubernetes
Stars: β 97 (-92.84%)
Mutual labels: security-tools
A curated list of awesome golang Security related resources.
List inspired by the awesome list thing.
Supported by: GuardRails.io
Contents
Tools
Web Framework Hardening
- nosurf - CSRF protection middleware for Go.
- gorilla/csrf - Provides Cross-Site Request Forgery (CSRF) prevention middleware for Go web applications & services.
- gorilla/securecookie - Encodes and decodes authenticated and optionally encrypted cookie values for Go web applications.
- secure - Secure is an HTTP middleware for Go that facilitates most of your security needs for web applications.
-
unindexed - A drop-in replacement for
http.Dir
which disables directory indexing. - beego-security-headers - beego framework filter for easy security headers management.
Libraries
- paseto - Platform-Agnostic Security Tokens implementation in GO (Golang)
- hsts - Go HTTP Strict Transport Security library
- jwt-go - Golang implementation of JSON Web Tokens (JWT)
Static Code Analysis
- safesql - Static analysis tool for Golang that protects against SQL injections. It does not seem to be actively maintained at the moment.
- gosec - Inspects source code for security problems by scanning the Go AST and matching it with a set of rules. Comes bundled in a Docker container securego/gosec
- gometalinter - Concurrently runs most of the existing go linters and normalizes their output.
Vulnerabilities and Security Advisories
- golang-announce - The golang release mailing list. Language-specific security issues are announced here.
- snyk Vulnerability DB - Commercial but free listing of known vulnerabilities in libraries.
- Common Vulnerabilities and Exposures - Vulnerabilities that were assigned a CVE. Covers the language and packages.
- National Vulnerability Database - Golang known vulnerabilities in the National Vulnerability Database.
Private Key Infrastructure
- CloudFlare SSL - CFSSL is CloudFlare's PKI/TLS swiss army knife. It is both a command line tool and an HTTP API server for signing, verifying, and bundling TLS certificates.
Educational
Hacking Playground
- govwa - A vulnerable golang application including the most common vulnerabilities found in web applications today
- Lambhack - A very vulnerable serverless application in AWS Lambda
Articles, Guides & Talks
- gosea - Go Secure Example Application (GOSEA)
- Go - Secure Coding Practices by OWASP - [PDF] Talk given by Sulhaedir at the OWASP Jakarta meetup.
- OWASP Go - Secure Coding Practices by Checkmarx - Go programming language secure coding practices guide
- Memory Security in golang - Handling data securely in memory.
- A Go Programmer's Guide to Secure Connections - [Video] GopherCon 2018, Liz Rice
- golang-tls - Simple Golang HTTPS/TLS Examples.
- Hacking with Go - Hacking with Go for security professionals.
- ReDoS in Go by Checkmarx - Diving Deep into Regular Expression Denial of Service (ReDoS) in Go
- Attacking Go: A detailed description on Security assessment techniques for Go projects
Other
Reporting Bugs
Contributing
Found an awesome project, package, article, or another type of resources related to golang Security? Submit a pull request! Just follow the guidelines. Thank you!
License
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].