Book Image

Security with Go

By : John Daniel Leon
Book Image

Security with Go

By: John Daniel Leon

Overview of this book

Go is becoming more and more popular as a language for security experts. Its wide use in server and cloud environments, its speed and ease of use, and its evident capabilities for data analysis, have made it a prime choice for developers who need to think about security. Security with Go is the first Golang security book, and it is useful for both blue team and red team applications. With this book, you will learn how to write secure software, monitor your systems, secure your data, attack systems, and extract information. Defensive topics include cryptography, forensics, packet capturing, and building secure web applications. Offensive topics include brute force, port scanning, packet injection, web scraping, social engineering, and post exploitation techniques.
Table of Contents (15 chapters)

Brute forcing HTTP basic authentication

HTTP basic authentication is when you provide a username and password with your HTTP request. You can pass it as part of the URL in modern browsers. Consider this example:

http://username:[email protected]

When adding basic authentication programmatically, the credentials are provided as an HTTP header named Authorization, which contains a value of username:password base64 encoded and prefixed with Basic, separated by a space. Consider the following example:

Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

Web servers typically respond with a 401 Access Denied code when the authentication fails, and they should respond with a 2xx success code such as 200 OK.

This example will take a URL and a username value and attempt to log in using the passwords generated.

To reduce the effectiveness of attacks like these, implement a rate-limiting...