<p>I am new to security. I've written a web application in Go that has protections against common attacks like CSRF and SQL injection. But I would like to know how secure it actually is and discover any other security issues it might have.</p>
<p>Which are your best Go-specific or other tools for that?</p>
<hr/>**Comments:**<br/><br/>colezlaw: <pre><p>On the dynamic side, a webapp in Go is going to look no different than an app written in any other language, except that it also provides HTTP/2 out of the box. HTTP/2 is no different from HTTP/1 when you're looking at vulnerabilities in the application, but if you were going to do protocol fuzzing then there would need to be that.</p>
<p>On the static side, I'm not aware of any static analyzers (yet) for Go that have a really strong set of defensive programming rules. However, the lexer and parser are available as APIs so writing a static analyzer specifically for defensive programming type of things would just be a matter of understanding what APIs need to be modeled, what incorrect or unsafe things look like, and what safe usages of those look like. Doing proper dataflow analysis and taint propagation, however, would take a lot more time.</p></pre>
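A sketch of the kind of analyzer the comment above describes, as an added example that is not part of the original thread: it uses the standard `go/parser` and `go/ast` packages to flag SQL calls whose query string is built by concatenation or `fmt.Sprintf`. The sink list and the name-only matching are assumptions made for illustration, and the sample source is constructed; there is no dataflow or taint tracking.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
)

// Constructed sample input (not from the page): two dynamic queries, one parameterized.
const sample = `package demo
func lookup(db *sql.DB, name string) {
	db.Query("SELECT id FROM users WHERE name = '" + name + "'")
	db.Exec(fmt.Sprintf("DELETE FROM users WHERE name = '%s'", name))
	db.Query("SELECT id FROM users WHERE name = ?", name)
}`
var sinks = map[string]bool{"Query": true, "QueryRow": true, "Exec": true} // modeled by method name only (assumption)
// literal reports whether e is a string literal or a concatenation of string literals.
func literal(e ast.Expr) bool {
	if b, ok := e.(*ast.BinaryExpr); ok {
		return b.Op == token.ADD && literal(b.X) && literal(b.Y)
	}
	l, ok := e.(*ast.BasicLit)
	return ok && l.Kind == token.STRING
}
// dynamic reports whether e is built at run time: a non-constant "+" or a fmt.Sprintf call.
func dynamic(e ast.Expr) bool {
	_, concat := e.(*ast.BinaryExpr)
	c, call := e.(*ast.CallExpr)
	return concat && !literal(e) || call && types.ExprString(c.Fun) == "fmt.Sprintf"
}

// Scan returns "line:method" for each modeled sink call whose first argument is dynamic.
func Scan(src string) (out []string, err error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	ast.Inspect(file, func(n ast.Node) bool {
		if call, ok := n.(*ast.CallExpr); ok && len(call.Args) > 0 && dynamic(call.Args[0]) {
			if sel, ok := call.Fun.(*ast.SelectorExpr); ok && sinks[sel.Sel.Name] {
				out = append(out, fmt.Sprintf("%d:%s", fset.Position(call.Pos()).Line, sel.Sel.Name))
			}
		}
		return true
	})
	return out, nil
}
func main() { fmt.Println(Scan(sample)) }
```

A query passed as a plain variable is not flagged, which is exactly the gap that the dataflow and taint propagation mentioned in the comment would have to close.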