A curated list of awesome golang Security related resources.
List inspired by the awesome list thing.
Supported by: GuardRails.io
Contents
Tools
Web Framework Hardening
-
nosurf - CSRF protection middleware for Go.
-
gorilla/csrf - Provides Cross-Site Request Forgery (CSRF) prevention middleware for Go web applications & services.
-
gorilla/securecookie - Encodes and decodes authenticated and optionally encrypted cookie values for Go web applications.
-
secure - Secure is an HTTP middleware for Go that facilitates most of your security needs for web applications.
-
unindexed - A drop-in replacement for
http.Dir
which disables directory indexing.
-
beego-security-headers - beego framework filter for easy security headers management.
Libraries
-
paseto - Platform-Agnostic Security Tokens implementation in GO (Golang).
-
hsts - Go HTTP Strict Transport Security library.
-
jwt-go - Golang implementation of JSON Web Tokens (JWT).
-
httprobe - Take a list of domains and probe for working HTTP and HTTPS servers.
Static Code Analysis
-
safesql - Static analysis tool for Golang that protects against SQL injections. It does not seem to be actively maintained at the moment.
-
gosec - Inspects source code for security problems by scanning the Go AST and matching it with a set of rules. Comes bundled in a Docker container securego/gosec.
-
gometalinter - Concurrently runs most of the existing go linters and normalizes their output.
-
CodeQL - A tool that lets you query your code like data, in order to find vulnerabilities and bugs. See also LGTM.com for pull request integration and running queries in the cloud.
-
ChainJacking - Find which of your Go lang direct GitHub dependencies is susceptible to ChainJacking attack.
Vulnerabilities and Security Advisories
Private Key Infrastructure
-
CloudFlare SSL - CFSSL is CloudFlare's PKI/TLS swiss army knife. It is both a command line tool and an HTTP API server for signing, verifying, and bundling TLS certificates.
Educational
Hacking Playground
-
govwa - A vulnerable golang application including the most common vulnerabilities found in web applications today.
-
Lambhack - A very vulnerable serverless application in AWS Lambda.
Articles, Guides & Talks
Other
Reporting Bugs
Contributing
Found an awesome project, package, article, or another type of resources related to golang Security? Submit a pull request!
Just follow the guidelines. Thank you!
License