I had a quick skim, looks a bit thin in places but covers quite a lot of the basics which beginners might not even be aware are necessary (and which Go doesn't provide out of the box solutions for). Saw that comment from tptacek but not sure it is entirely fair, it has some properly sourced quotes from the owasp top 10, but most of the content does not appear to be copied or a simple rehash as he asserts (without examples). e.g. the xss section contains mostly original content specific to go (though I do think they overegg the vulnerability of writing directly to the writer without templates it is useful to know). So this doesn't look like a simple rehash, and I do think it is useful to look at for go developers. Haven't had time to read the whole thing yet though so can't comment in depth.