Top security best practices for Go

  • Validate all user input (with the standard library or a third-party package), not only so the application works but so that attackers cannot push malicious data through it. Prefer allow-lists that describe what valid input looks like over deny-lists of known-bad patterns.
  • Render HTML with the html/template package rather than text/template or string concatenation: it escapes each value according to the context it lands in (HTML text, attribute, URL, JavaScript), which is what closes off cross-site scripting (XSS). It does not sanitize arbitrary HTML; a value of type template.HTML is inserted verbatim, so use that type only for markup you already trust.
  • Give each database user only the permissions it needs, validate inputs, and use parameterized queries (database/sql placeholders with arguments, never fmt.Sprintf into the query string) to protect against SQL injection.
  • Use the standard crypto packages (crypto/aes, crypto/cipher, crypto/rand and friends) to encrypt sensitive data, prefer an authenticated mode such as AES-GCM, and draw keys and nonces from crypto/rand, never math/rand.
  • Enforce HTTPS and encrypt traffic in transit even between internal services; in Go that means serving with crypto/tls, setting a minimum version of TLS 1.2, and redirecting or rejecting plain HTTP.
  • Remember that error messages and logs can expose sensitive information: return generic errors to clients and keep the detail (stack traces, query text, connection strings) in server-side logs that do not contain secrets. The standard log package is enough for this, or use a third-party logger such as logrus, glog or logo.
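
As an added example (not code from the original post), the following program puts the first two items together: an allow-list check on the input, then the same template rendered through text/template (vulnerable) and html/template (escaped by context). The Comment type, the template text, the function names and the sample payload are all constructed for this illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"html/template"
	"regexp"
	texttemplate "text/template"
)

// Comment is the user-controlled data rendered into the page (constructed type).
type Comment struct {
	Author string
	Body   string
	Link   string
}

// authorRe is an allow-list for the author field: letters, digits and spaces,
// 1-32 characters. Rejecting anything outside the allowed shape is simpler
// and safer than trying to strip "bad" characters out of a payload.
var authorRe = regexp.MustCompile(`^[A-Za-z0-9 ]{1,32}$`)

// ValidateComment rejects input that does not fit the expected shape.
func ValidateComment(c Comment) error {
	if !authorRe.MatchString(c.Author) {
		return errors.New("author: must be 1-32 letters, digits or spaces")
	}
	if len(c.Body) == 0 || len(c.Body) > 2000 {
		return errors.New("body: must be 1-2000 bytes")
	}
	return nil
}

// page is parsed by both engines so the only difference is the package.
// {{.Body}} appears in an HTML text context and in a JavaScript context;
// {{.Link}} sits in a URL attribute.
const page = `<p>{{.Author}}: {{.Body}}</p>
<a href="{{.Link}}">profile</a>
<script>var body = {{.Body}};</script>
`

// RenderSafe validates the input, then renders with html/template, which
// chooses the escaper for each placeholder from its surrounding context.
func RenderSafe(c Comment) (string, error) {
	if err := ValidateComment(c); err != nil {
		return "", err
	}
	tmpl, err := template.New("page").Parse(page)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := tmpl.Execute(&buf, c); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// RenderUnsafe is the vulnerable counterpart: text/template copies the
// values verbatim, so a body containing a <script> tag becomes live markup
// and a javascript: link survives untouched.
func RenderUnsafe(c Comment) (string, error) {
	tmpl, err := texttemplate.New("page").Parse(page)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := tmpl.Execute(&buf, c); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	// Constructed sample input: an XSS payload in the body and a
	// javascript: URL in the link field.
	c := Comment{
		Author: "mallory",
		Body:   `<script>alert(1)</script>`,
		Link:   "javascript:alert(document.cookie)",
	}
	unsafe, _ := RenderUnsafe(c)
	safe, _ := RenderSafe(c)
	fmt.Println("text/template:\n" + unsafe)
	fmt.Println("html/template:\n" + safe)
}
```

In the html/template output the body shows up as `&lt;script&gt;...` in the paragraph, as a JSON string with `\u003c` escapes inside the script block, and the javascript: link is replaced with `#ZgotmplZ`; the text/template output contains the payload exactly as submitted.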
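
As an added example for the encryption item, not code from the original post: AES-256-GCM with the standard crypto/aes, crypto/cipher and crypto/rand packages, with a fresh random nonce per message and the nonce stored in front of the ciphertext. Encrypt, Decrypt and NewKey are names chosen here, and the sample plaintext and associated data are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Encrypt seals plaintext with AES-256-GCM under key (must be 32 bytes).
// Output layout: nonce || ciphertext || tag. A fresh random nonce is drawn
// for every call; reusing a nonce under the same key breaks GCM's
// confidentiality and authenticity guarantees. aad is authenticated but
// not encrypted, so it can bind the record to its context (a user ID, say).
func Encrypt(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag to the nonce, giving nonce||ct||tag.
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

// Decrypt reverses Encrypt. Any change to the nonce, ciphertext, tag or AAD
// makes Open fail and nothing is returned in that case.
func Decrypt(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, aad)
}

// NewKey returns a random 32-byte key from crypto/rand. In a real service
// the key comes from a KMS or secret store, never from source or config.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample: a sensitive field plus non-secret metadata as AAD.
	aad := []byte("customer=42")
	sealed, err := Encrypt(key, []byte("4111 1111 1111 1111"), aad)
	if err != nil {
		panic(err)
	}
	fmt.Printf("sealed (%d bytes): %x\n", len(sealed), sealed)

	plain, err := Decrypt(key, sealed, aad)
	if err != nil {
		panic(err)
	}
	fmt.Printf("opened: %s\n", plain)

	// Flip one bit of the tag: authentication fails, no plaintext comes back.
	sealed[len(sealed)-1] ^= 1
	_, err = Decrypt(key, sealed, aad)
	fmt.Println("after tampering:", err)
}
```

The associated data is the part most often skipped: without it, a ciphertext stored for one customer can be copied verbatim into another customer's record and will decrypt cleanly.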

Full post here, 6 mins read