Go Audit and Code Review
- Buy now
- Learn more
Welcome & Summary

Welcome & Overview
Summary
Materials

Day1_Go_Security_Audit_And_Code_Review_v1_0.pdf
Day1_Go_Security_Audit_And_Code_Review_v1_1.pdf
go_security_day_1.zip
1. Introduction to Go

1.0 - Introduction to Go
1.1 - Go basic101
1.2 - Learning Go
1.3 - Examples
2. Golang Ecosystem

2.0 - Go ecosystem
2.1 - Go toolchains
2.2 - Labs vuln_tester
2.3 - Compilation
2.4 - Development tools
2.5 - Development IDEs
3. Design & Security in Go

3.0 - Design & security
3.1 - Type checking
3.2 - Memory & Garbage collection
3.3 - Concurrency
3.4 - Error handling
4. Go common vulnerabilities

4.0 - Go vulnerabilities
4.1 - Panicking functions
4.2 - Arithmetic errors
4.3 - Out of bound panics
4.4 - SIGSEGV - Nil pointer dereference
4.5 - Resource exhaustion / OOM
4.6 - Stack overflow
4.7 - Exercise 1
4.8 - Exercise 1: Correction
4.9 - Exercise 2
4.10 - Exercise 2: Correction
5. Advanced vulnerabilities

5.0 - Unsafe code
5.1 - Race Conditions / Data Races
5.2 - Web App vulns
5.3 - Concurrency issues
5.4 - Others issues
6. Audit and Code Review

6.0 - Code audit & attack surface
6.1 - Auditing tools
6.2 - Testing
6.3 - Exploitation & Hardening
6.4 - Audit report/database
6.5 - Interesting targets
6.6 - Exercises 1
6.7 - Exercises 1: Correction
6.8 - Exercises 2
6.9 - Exercises 2: Correction
7.0 - Closing remarks

Summary

Introduction to Go and its Ecosystem
Security concepts
- Memory safety, Garbage collector, Error handling, Concurrency
Golang common vulnerabilities
- Panicking function
- Arithmetic errors
- Out-of-bounds panics
- SIGSEGV / Nil pointer dereference
- Resource exhaustion / OOM, Stack overflow
Advanced vulnerabilities
- Unsafe code
- Data races, Race conditions,
- Memory Leak, Logic errors
- Concurrency issues (Deadlock, Goroutine leak, etc.)
- Web Application Vulnerabilities (SQLI, XSS, etc.)
Attack surface discovery & Auditing tools