The Synopsys Software Integrity Group is now Black Duck®. Learn More

close search bar

Sorry, not available in this language yet

close language selection

Secure Programming for Golang

Course Description

Go promises to make programmers more productive by being expressive, concise, clean, and efficient. In this course, we will teach you how to handle security in this popular open source programming language.

Learning Objectives

  • Identify the most popular frameworks and conventions that can be used to write a web application, and the security pros and cons of each
  • Evaluate the security considerations of the different methods a client and a Go application can use to communicate with each other
  • Identify the security risks and considerations of writing concurrent code
  • Work with the included functions and cryptographic algorithms and understand their limitations
  • Understand the nuances and techniques of getting the required data logged in order to respond to potential security issues

Details

Delivery Format: eLearning

Duration: 1 hour 15 minutes

Level: Intermediate

Intended Audience: 

  • Back-End Developers

PrerequisitesOWASP Top 10

Course Outline

Introduction

  • Error Handling
  • Dependency Management

Go for Web

  • Vanilla Go
  • Gorilla Framework
  • Revel
  • Gin Gonic
  • Mat Ryer’s Web Services Pattern

Web Interfaces

  • Enforcing HTTPS Communications
  • Rest API
  • Web Pages
  • Forms - CSRF
  • Forms - Validation and Sanitization
  • Secure Headers

Concurrency

  • Goroutines
  • Race Conditions
  • DoS Prevention
  • Context Package

Data Stores

  • Session Management: Cookies
  • Cryptographic Signature with Generated Tokens
  • Session Management: JWT
  • Access Control Frameworks
  • SQL Databases

Cryptography

  • Password Storage
  • The math/rand Package
  • Crypto Go Package

Logging

  • Logging Events
  • Runtime Crashes

Training

Developer Security Training

Equip development teams with the skills and education to write secure code and fix issues faster