Go Audit and Code Review

Discover which kinds of security bugs can be found in Go code and how to detect them statically.

What you'll learn

In this course, you will focus on learning Go code audit and vulnerability research. First, you will discover the internals of Go and which security mechanisms are enforced by default. Then, you will learn which vulnerabilities are the most common and how to find low-hanging-fruit bugs manually and automatically using different Go auditing tools.

  • Introduction to Go
  • Golang Ecosystem
  • Security concepts
    • Concurrency, Garbage collector, etc.
  • Golang common vulnerabilities
    • Panicking function
    • Arithmetic errors
    • Out-of-bounds panics
    • SIGSEGV / Nil pointer dereference
    • Resource exhaustion / OOM, Stack overflow
  • Advanced vulnerabilities
    • Unsafe code
    • Data races, Race conditions
    • Memory Leak, Logic errors
    • Concurrency issues (Deadlock, Goroutine leak, etc.)
    • Web Application Vulnerabilities (SQLI, XSS, etc.)
  • Attack surface discovery
  • Auditing tools
  • Exercises

Throughout this training, you will work through many hands-on exercises that help you internalize the concepts and techniques taught in the course.

  • $2,400

Go Security Audit and Fuzzing

  • Bundle
  • 3 Products

Learn which kinds of security vulnerabilities/bugs can be found in Go code, and how to detect them statically and automatically using fuzzing techniques. 🎞️ 90 videos / ⏱️ 7.5 hours / 👨‍💻 25+ exercises

What's included?

Welcome & Summary

Welcome & Overview
Summary

Materials

Day1_Go_Security_Audit_And_Code_Review_v1_0.pdf
Day1_Go_Security_Audit_And_Code_Review_v1_1.pdf
go_security_day_1.zip

1. Introduction to Go

1.0 - Introduction to Go
1.1 - Go basic101
1.2 - Learning Go
1.3 - Examples

2. Golang Ecosystem

2.0 - Go ecosystem
2.1 - Go toolchains
2.2 - Labs vuln_tester
2.3 - Compilation
2.4 - Development tools
2.5 - Development IDEs

3. Design & Security in Go

3.0 - Design & security
3.1 - Type checking
3.2 - Memory & Garbage collection
3.3 - Concurrency
3.4 - Error handling

4. Go common vulnerabilities

4.0 - Go vulnerabilities
4.1 - Panicking functions
4.2 - Arithmetic errors
4.3 - Out of bound panics
4.4 - SIGSEGV - Nil pointer dereference
4.5 - Resource exhaustion / OOM
4.6 - Stack overflow
4.7 - Exercise 1
4.8 - Exercise 1: Correction
4.9 - Exercise 2
4.10 - Exercise 2: Correction

5. Advanced vulnerabilities

5.0 - Unsafe code
5.1 - Race Conditions / Data Races
5.2 - Web App vulns
5.3 - Concurrency issues
5.4 - Other issues

6. Audit and Code Review

6.0 - Code audit & attack surface
6.1 - Auditing tools
6.2 - Testing
6.3 - Exploitation & Hardening
6.4 - Audit report/database
6.5 - Interesting targets
6.6 - Exercises 1
6.7 - Exercises 1: Correction
6.8 - Exercises 2
6.9 - Exercises 2: Correction
7.0 - Closing remarks

Meet Your Instructor

Hey! 👋 My name is Patrick and I'm the founder of FuzzingLabs, a research-oriented security company specializing in fuzzing, vulnerability research, and reverse engineering.

Over time, we found hundreds of bugs and presented our work at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, Devcon, EthCC, RingZer0, ToorCon, hack.lu, NorthSec, Microsoft DCC, etc.
