Original post

Aaron Hnatiw joined the show to talk about being a security researcher, teaching application security with , and a deep dive on how engineers and developers can get started with infosec. Plus: white hat, black hat, red team, blue team…Aaron sorts it all out for us.

Discuss on Changelog News

Sponsors

  • Linode – Our cloud server of choice. Get one of the fastest, most efficient SSD cloud servers for only $5/mo. Use the code changelog2017 to get 4 months free!

  • Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their powerful edge cloud platform.

Featuring

Notes and Links

Aaron blessed us with a veritable slew of links to help Go developers level up their security game:

Go Meta Linter

Go AST Scanner

SafeSQL

Race-The-Web (Also check out the accompanying practice site)

Go-fuzz (Check out their trophies section)

Gryffin

Webseclab

Gobuster

Input-field-finder

OWASP Top 10: (Counterpoint – Vulnerabilities beyond the OWASP Top 10)

SSRF as a Service: Mitigating a Design-Level Software Security Vulnerability


Interesting Go Projects and News

Fencing off Go Applied – A Practical Look at a Go Research Paper

Go 1.9 Release Notes

GoRef (v. similar to trace)


Free Software Friday!

Each week on the show we give a shout out to an open source project or community (or maintainer) that’s made an impact in our day to day developer lives.

Erik – K8GUARD (The guardian angel for Kubernetes)

Carlisia – Goman

Brian – WSLtty

Aaron – Visual Studio Code (with the Go plugin, of )