Go Application Vulnerability Cheatsheet



Securing applications is not the easiest thing to do. An application has many components: server-side logic, client-side logic, data storage, data transportation, APIs, and more. With all these components to secure, building a secure application can seem daunting.


Every language, framework, or environment exposes an application to its own set of vulnerabilities. The first step to fixing vulnerabilities in your application is to know what to look for. Today, let’s take a look at 27 of the most common vulnerabilities that affect Go applications, and how you can find and prevent them.


Let’s secure your Go application! The vulnerabilities I will cover in this post are:

  • XML external entity attacks (XXE)

  • Insecure deserialization

  • Remote code execution (RCE)

  • SQL injection

  • NoSQL injection

  • LDAP injection

  • Log injection

  • Mail injection

  • Template injection (SSTI)

  • Regex injection

  • XPath injection

  • Header injection

  • Session injection and insecure cookies

  • Host header poisoning

  • Sensitive data leaks or information leaks

  • Authentication bypass

  • Improper access control

  • Directory traversal or path traversal

  • Arbitrary file writes

  • Denial of service attacks (DoS)