
Golang Secure Coding Practices guide

Results 24 Go-SCP issues

I'm just picking on integers right now, because that's top of mind, but: - `strconv.Atoi` is almost never correct; [I cover this in a few different talks](https://github.com/lojikil/kyoto-go-nihilism) - We list...

In " Go-SCP/src/authentication-password-management/validation-and-storage.md " [LINK](https://github.com/OWASP/Go-SCP/blob/52c322fc3949002c380c7956464d0e5f091ddb93/src/authentication-password-management/validation-and-storage.md#storing-password-securely-the-practice) the reference links for hashing functions are wrong. It should be something similar to: ```md In the case of password storage, the hashing algorithms recommended...

bug

In the [Cryptography Practices](https://github.com/OWASP/Go-SCP/tree/master/src/cryptographic-practices) section we say the following: > MD5 is the most popular hashing algorithm, but securitywise BLAKE2 is considered the strongest and most flexible. and > To...

We should follow the CERT C/C++/Java style and show non-compliant and compliant code for each example, esp in the Validation section of the document. For example, [this is the CERT...

enhancement

We mention that `text/template` won't save you from XSS, but the [documentation explicitly states that it is unsafe for handling user input](https://golang.org/pkg/text/template/#pkg-overview). We should clarify that the threat model for...

I want to translate this book into Chinese. It's a pretty good book.

question

Hi, this book is useful for gophers to follow the best practices of secure programming. Would you mind if I translate this book into Traditional Chinese? I will link to origin...

question

Hi all, I'd like to propose the addition of a glossary for certain terms that may be misinterpreted or need additional explanations to be unambiguously interpreted by readers. This would...

enhancement

Pseudorandom number generation should be updated to use `math/rand/v2` as this is the new recommended implementation

Changes related to migrating content to the newer `math/rand/v2`. `v2` does not have the `Seed` function anymore, so I removed the code example related to it but kept the warning in the...