
Go Application Vulnerability Cheatsheet

Securing applications is not the easiest thing to do. An application has many components: server-side logic, client-side logic, data storage, data transport, APIs, and more. With all these components to secure, building a secure application can seem really daunting.
Every language, framework, and environment exposes an application to its own set of vulnerabilities. The first step to fixing vulnerabilities in your application is to know what to look for. Today, let’s take a look at 27 of the most common vulnerabilities that affect Go applications, and how you can find and prevent them.
Let’s secure your Go application! The vulnerabilities I will cover in this post are:
XML external entity attacks (XXE)
Insecure deserialization
Remote code execution (RCE)
SQL injection
NoSQL injection
LDAP injection
Log injection
Mail injection
Template injection (SSTI)
Regex injection
XPath injection
Header injection
Session injection and insecure cookies
Host header poisoning
Sensitive data leaks or information leaks
Authentication bypass
Improper access control
Directory traversal or path traversal
Arbitrary file writes
Denial of service attacks (DoS)