Infosec research and app security

Aaron Hnatiw joined the show to talk about being a security researcher, teaching application security with Go, and a deep dive on how engineers and developers can get started with infosec. Plus: white hat, black hat, red team, blue team…Aaron sorts it all out for us.

Join the discussion

Changelog++ members support our work, get closer to the metal, and make the ads disappear. Join today!

Sponsors:

• Linode – Our cloud server of choice. Get one of the fastest, most efficient SSD cloud servers for only $5/mo. Use the code changelog2017 to get 4 months free!
• Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their powerful edge cloud platform.

Featuring:

• Aaron Hnatiw – GitHub, X
• Erik St. Martin – GitHub, X
• Carlisia Thompson – GitHub, LinkedIn, X
• Brian Ketelsen – GitHub, X

Show Notes:

Aaron blessed us with a veritable slew of links to help Go developers level up their security game:

Go Meta Linter

Go AST Scanner

SafeSQL

Race-The-Web (Also check out the accompanying practice site)

Go-fuzz (Check out their trophies section)

Gryffin

Webseclab

Gobuster

Input-field-finder

OWASP Top 10: (Counterpoint - Vulnerabilities beyond the OWASP Top 10)

SSRF as a Service: Mitigating a Design-Level Software Security Vulnerability

Interesting Go Projects and News

Fencing off Go Applied - A Practical Look at a Go Research Paper

Go 1.9 Release Notes

GoRef (v. similar to trace)

Free Software Friday!

Each week on the show we give a shout out to an open source project or community (or maintainer) that’s made an impact in our day to day developer lives.

Erik - K8GUARD (The guardian angel for Kubernetes)

Carlisia - Goman

Brian - WSLtty

Aaron - Visual Studio Code (with the Go plugin, of course)

Something missing or broken? PRs welcome!