Adrian Hesketh @AdrianHesketh
This talk was about how to ensure the Go code you create is secure. There were a lot of very interesting tools that Adrian rattled through, which I mostly captured in photographic form!
Adrian also handily supplied a link of links at the end of the talk - https://gist.github.com/a-h/e5558b35a1e24cc6950406e45ef0d646
This is a tool that runs existing Go web applications on AWS Lambda/API Gateway without changing the existing HTTP handlers.
https://github.com/akrylysov/algnhsa
This tool inspects the source code for security problems, such as hardcoded passwords. Could be added to our CI pipelines.
https://github.com/securego/gosec
This tool scans container images for security vulnerabilities.
This tool scans for dependency security vulnerabilities.
This tool will automatically rotate MySQL credentials when using AWS Secrets Manager.
https://github.com/a-h/go-sql-driver-rds-credentials
Notifies on Slack when a new vulnerability is added to the https://nvd.nist.gov database.
https://github.com/a-h/nvdnotifier
These are settings that are often missed and that can be disabled for extra security.
https://gist.github.com/a-h/c0d85863621a67e980f7fad44e645fbc
This is a tool that redirects users from HTTP to HTTPS and adds the HSTS header.
Also consider https://github.com/unrolled/secure
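To show what the HTTP-to-HTTPS redirect plus HSTS header amounts to in a Go handler chain, here is an added example (not code from the talk or from either linked project). The name `RedirectAndHSTS`, its `canonicalHost` and `trustProxy` parameters, the host `example.test` and the policy value are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Constructed policy value: one year, applied to subdomains as well.
const hstsValue = "max-age=31536000; includeSubDomains"

// isSecure reports whether the request arrived over TLS, either directly or,
// when trustProxy is set, as reported by a TLS-terminating proxy.
// Assumption: that proxy overwrites X-Forwarded-Proto on every request.
func isSecure(r *http.Request, trustProxy bool) bool {
	if r.TLS != nil {
		return true
	}
	return trustProxy && strings.EqualFold(r.Header.Get("X-Forwarded-Proto"), "https")
}

// RedirectAndHSTS (hypothetical name) redirects plain-HTTP requests to HTTPS
// and adds the HSTS header to responses served over a secure connection.
func RedirectAndHSTS(canonicalHost string, trustProxy bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !isSecure(r, trustProxy) {
			// Use the configured host, not r.Host, so a forged Host header
			// cannot steer the Location header to another site.
			target := "https://" + canonicalHost + r.URL.RequestURI()
			http.Redirect(w, r, target, http.StatusPermanentRedirect)
			return
		}
		// Browsers ignore HSTS sent over plain HTTP, so set it on secure responses only.
		w.Header().Set("Strict-Transport-Security", hstsValue)
		next.ServeHTTP(w, r)
	})
}

func main() {
	app := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, "ok") })
	h := RedirectAndHSTS("example.test", false, app)
	// Constructed requests: one plain HTTP, one HTTPS.
	for _, target := range []string{"http://example.test/a?b=1", "https://example.test/a?b=1"} {
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, httptest.NewRequest("GET", target, nil))
		fmt.Println(target, rec.Code, rec.Header().Get("Location"), rec.Header().Get("Strict-Transport-Security"))
	}
}
```

Set `trustProxy` only when every request passes through a proxy that sets the header itself; otherwise a client can send `X-Forwarded-Proto: https` and skip the redirect.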
Free security tool to help automatically find security vulnerabilities in web applications.
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project







