Contents

• Tools
• Educational
• Companies
• Other
• Contributing

Tools

Web Framework Hardening

• nosurf - CSRF protection middleware for Go.
• gorilla/csrf - Provides Cross-Site Request Forgery (CSRF) prevention middleware for Go web applications & services.
• gorilla/securecookie - Encodes and decodes authenticated and optionally encrypted cookie values for Go web applications.
• secure - Secure is an HTTP middleware for Go that facilitates most of your security needs for web applications.
• unindexed - A drop-in replacement for http.Dir which disables directory indexing.
• beego-security-headers - beego framework filter for easy security headers management.

Libraries

• paseto - Platform-Agnostic Security Tokens implementation in GO (Golang)
• hsts - Go HTTP Strict Transport Security library
• jwt-go - Golang implementation of JSON Web Tokens (JWT)

Static Code Analysis

• safesql - Static analysis tool for Golang that protects against SQL injections. It does not seem to be actively maintained at the moment.
• gosec - Inspects source code for security problems by scanning the Go AST and matching it with a set of rules. Comes bundled in a Docker container securego/gosec
• gometalinter - Concurrently runs most of the existing go linters and normalizes their output.

Vulnerabilities and Security Advisories

• golang-announce - The golang release mailing list. Language-specific security issues are announced here.
• snyk Vulnerability DB - Commercial but free listing of known vulnerabilities in libraries.
• Common Vulnerabilities and Exposures - Vulnerabilities that were assigned a CVE. Covers the language and packages.
• National Vulnerability Database - Golang known vulnerabilities in the National Vulnerability Database.

Private Key Infrastructure

• CloudFlare SSL - CFSSL is CloudFlare's PKI/TLS swiss army knife. It is both a command line tool and an HTTP API server for signing, verifying, and bundling TLS certificates.

Educational

Hacking Playground

• govwa - A vulnerable golang application including the most common vulnerabilities found in web applications today
• Lambhack - A very vulnerable serverless application in AWS Lambda

Articles, Guides & Talks

• gosea - Go Secure Example Application (GOSEA)
• Go - Secure Coding Practices by OWASP - [PDF] Talk given by Sulhaedir at the OWASP Jakarta meetup.
• OWASP Go - Secure Coding Practices by Checkmarx - Go programming language secure coding practices guide
• Memory Security in golang - Handling data securely in memory.
• A Go Programmer's Guide to Secure Connections - [Video] GopherCon 2018, Liz Rice
• golang-tls - Simple Golang HTTPS/TLS Examples.
• Hacking with Go - Hacking with Go for security professionals.
• ReDoS in Go by Checkmarx - Diving Deep into Regular Expression Denial of Service (ReDoS) in Go
• Attacking Go: A detailed description on Security assessment techniques for Go projects

Other

Reporting Bugs

• Go Security Policy

Contributing

Found an awesome project, package, article, or another type of resources related to golang Security? Submit a pull request! Just follow the guidelines. Thank you!

License