Book Image

Security with Go

By : John Daniel Leon, Karthik Gaekwad
Book Image

Security with Go

By: John Daniel Leon, Karthik Gaekwad

Overview of this book

Go is becoming more and more popular as a language for security experts. Its wide use in server and cloud environments, its speed and ease of use, and its evident capabilities for data analysis, have made it a prime choice for developers who need to think about security. Security with Go is the first Golang security book, and it is useful for both blue team and red team applications. With this book, you will learn how to write secure software, monitor your systems, secure your data, attack systems, and extract information. Defensive topics include cryptography, forensics, packet capturing, and building secure web applications. Offensive topics include brute force, port scanning, packet injection, web scraping, social engineering, and post exploitation techniques.

Related Content you might be interested in

Current Title:

Small book image
Security with Go
John Daniel Leon | Karthik Gaekwad
Jan, 2018 | 340 pages
Small book image
Go Web Scraping Quick Start Guide
Vincent Smith
Jan, 2019 | 132 pages
Small book image
Go Standard Library Cookbook
Radomír Sohlich
Feb, 2018 | 340 pages
Small book image
Go Systems Programming
Mihalis Tsoukalos
Sep, 2017 | 466 pages
Table of Contents (15 chapters)
Free Chapter
1
Introduction to Security with Go
Introduction to Security with Go
About Go
Why use Go for security?
Development environment
Running Go examples
Summary
2
The Go Programming Language
The Go Programming Language
Go language specification
The Go playground
A tour of Go
Keywords
Notes about source code
Comments
Types
Control structures
Defer
Packages
Classes
Goroutines
Getting help and documentation
Summary
3
Working with Files
Working with Files
File basics
Reading and writing
Archives
Compression
Creating temporary files and directories
Downloading a file over HTTP
Summary
4
Forensics
Forensics
Files
Steganography
Network
Summary
5
Packet Capturing and Injection
Packet Capturing and Injection
Prerequisites
Getting a list of network devices
Capturing packets
Capturing with filters
Saving to the pcap file
Reading from a pcap file
Decoding packet layers
Creating a custom layer
Converting bytes to and from packets
Creating and sending packets
Decoding packets faster
Summary
6
Cryptography
Cryptography
Hashing
Encryption
Summary
7
Secure Shell (SSH)
Secure Shell (SSH)
Using the Go SSH client
Summary
8
Brute Force
Brute Force
Brute forcing HTTP basic authentication
Brute forcing the HTML login form
Brute forcing SSH
Brute forcing database login
Summary
9
Web Applications
Web Applications
HTTP server
HTTP client
Summary
10
Web Scraping
Web Scraping
Web scraping fundamentals
Using the goquery package for web scraping
How to protect against web scraping
Summary
11
Host Discovery and Enumeration
Host Discovery and Enumeration
TCP and UDP sockets
Port scanning
Grabbing a banner from a service
Creating a TCP proxy
Finding named hosts on a network
Fuzzing a network service
Summary
12
Social Engineering
Social Engineering
Gathering intel via JSON REST API
Sending phishing emails with SMTP
Generating QR codes
Honeypots
Sandboxing
Summary
13
Post Exploitation
Post Exploitation
Cross compiling
Creating bind shells
Creating reverse bind shells
Creating web shells
Finding writable files
Changing file timestamp
Changing file permissions
Changing file ownership
Summary
14
Conclusions
Conclusions
Recapping the topics you have learned
More thoughts on the usage of Go
What I hope you take away from the book
Be aware of legal, ethical, and technical boundaries
Where to go from here
Getting help and learning more
15
Another Book You May Enjoy
Another Book You May Enjoy
Leave a review – let other readers know what you think

Brute forcing HTTP basic authentication

HTTP basic authentication is when you provide a username and password with your HTTP request. You can pass it as part of the URL in modern browsers. Consider this example:

http://username:[email protected]

When adding basic authentication programmatically, the credentials are provided as an HTTP header named Authorization, which contains a value of username:password base64 encoded and prefixed with Basic, separated by a space. Consider the following example:

Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

Web servers typically respond with a 401 Access Denied code when the authentication fails, and they should respond with a 2xx success code such as 200 OK.

This example will take a URL and a username value and attempt to log in using the passwords generated.

To reduce the effectiveness of attacks like these, implement a rate-limiting...

Previous Section
End of Section 2
Next Section