Aaron Hnatiw joined the show to talk about being a security researcher, teaching application security with , and a deep dive on how engineers and developers can get started with infosec. Plus: white hat, black hat, red team, blue team…Aaron sorts it all out for us.

Notes and Links

Aaron blessed us with a veritable slew of links to help Go developers level up their security game:

Go Meta Linter

Go AST Scanner


Race-The-Web (Also check out the accompanying practice site)

Go-fuzz (Check out their trophies section)

OWASP Top 10 (Counterpoint – Vulnerabilities beyond the OWASP Top 10)

SSRF as a Service: Mitigating a Design-Level Software Security Vulnerability

Interesting Go Projects and News

Fencing off Go Applied – A Practical Look at a Go Research Paper

Go 1.9 Release Notes

GoRef (very similar to trace)

Free Software Friday!

Each week on the show we give a shout out to an open source project or community (or maintainer) that’s made an impact in our day to day developer lives.

Erik – K8GUARD (The guardian angel for Kubernetes)

Carlisia – Goman

Brian – WSLtty

Aaron – Visual Studio Code (with the Go plugin, of )