Securing applications is not the easiest thing to do. An application has many components: server-side logic, client-side logic, data storage, data transport, APIs, and more. With all these components to secure, building a secure application can seem really daunting.
Every language, framework, and environment exposes an application to its own set of vulnerabilities. The first step in fixing vulnerabilities in your application is knowing what to look for. Today, let’s take a look at 27 of the most common vulnerabilities that affect Go applications, and how you can find and prevent them.
Let’s secure your Go application! The vulnerabilities I will cover in this post are:
XML external entity attacks (XXE)
Remote code execution (RCE)
Template injection (SSTI)
Session injection and insecure cookies
Host header poisoning
Sensitive data leaks or information leaks
Improper access control
Directory traversal or path traversal
Arbitrary file writes
Denial of service attacks (DoS)