Go web application security checklist
Checklist based on a video of @NataliePis's talk at GoWayFest 3.0 in Minsk.
Data | Code | Dependencies
Data
- Passwords;
- User Data;
- Secrets management.
Code
- Input validation;
- SQL injection;
- Static code analysis: https://github.com/securego/gosec;
- Endpoints for debug;
- Logging and monitoring.
Dependencies
- List of direct and indirect dependencies: go.mod;
- Analysis of direct and indirect dependencies: goreportcard.com may be helpful;
- Reproducible builds: go modules;
- Deps blacklist with https://github.com/OpenPeeDeeP/depguard.