Secure Coding in Go: Avoiding Common Vulnerabilities to Better Secure Your Code

Presented at Kernelcon 2023, April 14, 2023, 11:30 a.m. (60 minutes).

This talk will walk through the most common application security pitfalls engineers encounter when building Go applications, with a focus on API security. Using the OWASP Top 10 as a baseline, the talk will explore different methods of avoiding common injection vulnerabilities, cryptography issues, incorrect security configuration, and insecure authentication (AuthN) and authorization (AuthZ) schemes. The goal of this presentation is to give new Go engineers a good secure coding overview that helps them avoid common mistakes and build good secure coding habits from the start.


Presenters:

  • Benji Vesterby - SynSaber
    My interest in security began early in my career when I stumbled across “Writing Secure Code” by Microsoft Press. It was a jarring introduction to security since it revealed how flawed most software was and how little I actually knew about securing my own work. As a software engineer, my focus was always on building software rather than breaking it. Yet, finding my first vulnerability (a query string privilege escalation) was exhilarating. But then came the hard part: how do I fix it? I believe that building good coding habits can lead to more secure code.
