
Write code examples Golang (go)

Open zythosec opened this issue 9 years ago • 11 comments

I have started implementing these in my fork.

zythosec avatar Jun 09 '16 21:06 zythosec

Hi Rossnanop,

That is awesome news! Let me know if you need any assistance when writing them, looking forward to seeing them ^^

Greetz, Glenn

blabla1337 avatar Jul 08 '16 09:07 blabla1337

Remaining Examples Checklist:

  • [ ] File Upload
  • [ ] CSRF tokens
  • [ ] Directory path traversal
  • [ ] System commands
  • [x] Anti-caching headers
  • [x] Anti-clickjacking headers
  • [x] X-XSS-Protection header
  • [x] X-Content-Type-Options header
  • [x] Secure session cookies
  • [x] Session cookies HttpOnly
  • [ ] Identifier-based authorization
  • [x] SQL query
  • [ ] Logout function
  • [ ] Enforce secure passwords
  • [ ] Timeout a session
  • [ ] Directory listing
  • [ ] Charsets
  • [x] HTML output
  • [x] Password storage
  • [ ] Login function
  • [ ] Random password/token generation
  • [x] Session cookies (domain)
  • [x] Content type headers
  • [ ] Sandboxing
  • [ ] Audit logs
  • [ ] Debug enabling
  • [ ] Input validation
  • [ ] User registration
  • [ ] Aggregate user controls
  • [ ] Session hijacking and fixation
  • [ ] Password forget & disallow old passwords
  • [ ] Open forwards & redirects
  • [ ] Re-authentication
  • [ ] Enforce sequential step order (Shopping)
  • [ ] Encoder
  • [ ] Whitelisting
  • [ ] Privilege based authentication
  • [ ] Reflective file download and file download injection prevention
  • [ ] X-path-query

zythosec avatar Oct 10 '17 23:10 zythosec

Hi zythosec, are you planning to write more secure Go examples? We get a lot of requests from people for this :)

blabla1337 avatar Jun 18 '18 21:06 blabla1337

Hi @blabla1337 of course! A lot going on lately and I've been meaning to get back to these. Will try to start setting time aside each week to start checking some of these off.

zythosec avatar Jun 21 '18 02:06 zythosec

Hi Zythosec, yeah I know what you mean. Ooh that would be really great, thanks! 👍

blabla1337 avatar Jun 21 '18 16:06 blabla1337

So the list provided here is mostly about server-side Go materials. Can we add materials regarding client-side security as well? Think about public key pinning, memory sanitization, etc.

commjoen avatar Oct 01 '18 11:10 commjoen

@zythosec Are you still planning to work on them? We currently only have a couple of Go examples and it would be really nice if we had more.

blabla1337 avatar Feb 18 '19 20:02 blabla1337

@zythosec, how is the project going? :-) We were really looking forward to this!

RiieCco avatar Jul 01 '22 11:07 RiieCco

@RiieCco I should have some time this weekend to add some more examples. Is this still the correct place to add them? It looks like nothing in here has been updated in a while (even other languages).

Also, I know I created the checklist above way back when based on other language examples. Is there a definitive list of needed examples the project would like to have across all languages? That will help me know where to focus my effort.

Thanks!

zythosec avatar Jul 01 '22 14:07 zythosec

Hey @zythosec,

I think that the list that you have is a good representation of what the most important examples are. Sadly Glenn and I have been really busy with creating the whole "learning platform", so we did not have that much time for adding or reviewing current code examples.

The location that you marked is indeed still the right one! Thanks for helping out, really appreciated! :-D

RiieCco avatar Jul 01 '22 20:07 RiieCco

@RiieCco While doing research for examples this weekend, I realized OWASP already has the Go Secure Coding Practices Guide. Would it make sense to adopt this guide for examples rather than create a separate list that needs to be maintained?

zythosec avatar Jul 04 '22 19:07 zythosec