AppsFlyer ∴ 2022
Miki Tebeka miki@353solutions.com, @tebeka, mikitebeka, blog
- Common security threats (OWASP top 10)
- Avoiding injection
- Secure HTTP requests
- Avoiding sensitive data leak
- Handling secrets
- The security mindset and adding security to your development process
- golang.org/x/time/rate - Rate limiting
- Let's talk about logging by Dave Cheney
- Go Security Policy
- Awesome security tools
- How our security team handles secrets
- HTTPS
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj /CN=localhost- x/crypto/autocert
- Using Let's Encrypt in Go
- Customizing Binaries with Build Tags
- Books
- Search for AWS keys in GitHub
- Fallacies of distributed computing
- cue - Language for data validation
- Serialization Vulnerabilities
- Understanding HTML templates in Go
- SQL
- Resilient net/http servers
- Context on the Go blog
- Customizing Binaries with Build Tags
- Our Software Depenedcy Problem
- Go's CVE List
- Static tools
- gosec
go install golang.org/x/vuln/cmd/govulncheck@latest- staticcheck
- Use x/tools/analysis to write your own (see here for an example)
- golangci-lint
- The newembed package
- OWASP Top 10
- The Security Mindset by Bruce Schneier
- Effective Go - Read this!
./run-db.sh- Will start postgres on port 5432
docker exec -it <ID> psql -U postgres- or
pgcli -p 5432 -U postgres -h localhost
- or
curl -d@_ws/add-1.json http://localhost:8080/api/journal- Try with add-2.json and add-3.json
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj /CN=localhost