GOL201 – Defending GO

Learn about Security Compass’s course, Defending Typescript

Course Learning Objectives

In the five modules of this course, we’ll explore how to avoid common memory-based vulnerabilities, distinguish between AES and DES encryption schemes, understand the SHA secure hashing algorithm, use key derivation functions, safely retrieve input data, protect against SQL injection attacks, secure HTTP servers, configure a Content Security Policy, set up TLS connections, understand certificate pinning, and screen third-party packages before using them in your projects.

Description

Defending Go is for software development professionals and security professionals who are responsible for securing different phases of the SDLC. Go is designed with more security considerations in mind, which makes it important for developers to understand where traditional vulnerabilities still exist and where its features introduce risks.

Audience Time Required
Developers

Tailored learning – 60 minutes total

Course Outline

1. Software Security Practices

  • Garbage collector
  • Heap and stack memory
  • Code: Heap and stack example
  • Code: Memory addressing
  • Code: Defer function
  • Code: Defer and panic functions
  • C and Go
  • Code: Pointers

2. Cryptography

  • Code: AES encryption
  • Code: AES decryption
  • Triple DES
  • Code: Triple DES encryption
  • Code: Triple DES decryption
  • Introduction to hashing
  • Code: SHA
  • Code: MD5
  • Introduction to KDF
  • Code: Key Derivation

3. Input Validation and Sanitization

  • Input validation
  • Input sanitization
  • Code: Strconv package
  • Strings package
  • Code: utf8 package
  • Code: Regexp package
  • Code: Input validation
  • Cross-Site Scripting (XSS)
  • Code: Bad practice
  • Code: Good practice
  • Code: SQL injections
  • Code: Protect against SQL Injection

4. Communication Security

  • Running a secure HTTP server
  • Content Security Policy (CSP)
  • Code: CSP implementation
  • TLS introduction
  • Code: TLS server-side example
  • Code: TLS client-side example
  • Certificate pinning
  • Code: Certificate pinning

5. Dependency Management

  • Using third-party packages
  • Risks you may face
  • How to choose a third-party package
  • Is the package being maintained?
  • Package popularity