▲ 11 ▼ Book: Web Application Secure Coding Practices in Go

checkmarx.gitbooks.io posted by kenny 2767 days ago

Go Language - Web Application Secure Coding Practices is a guide written for anyone who is using the Go Programming Language and aims to use it for web development.

This book is collaborative effort of Checkmarx Security Research Team and it follows the OWASP Secure Coding Practices - Quick Reference Guide v2 (stable) release.

The main goal of this book is to help developers avoid common mistakes while at the same time, learning a new programming language through a "hands-on approach". This book provides a good level of detail on "how to do it securely" showing what kind of security problems could arise during development.

▲ jon 2767 days ago ▼

Has anyone read this to any degree?

Some comments on HN suggested that it is more a starting point and a rehashing of OWASP without covering the details that well in Go, so I was wondering if that was the sense others got.

Contributing
▲ kenny 2766 days ago ▼

I had a quick skim, looks a bit thin in places but covers quite a lot of the basics which beginners might not even be aware are necessary (and which Go doesn't provide out of the box solutions for). Saw that comment from tptacek but not sure it is entirely fair, it has some properly sourced quotes from the owasp top 10, but most of the content does not appear to be copied or a simple rehash as he asserts (without examples). e.g. the xss section contains mostly original content specific to go (though I do think they overegg the vulnerability of writing directly to the writer without templates it is useful to know). So this doesn't look like a simple rehash, and I do think it is useful to look at for go developers. Haven't had time to read the whole thing yet though so can't comment in depth.

Contributing