Book Image

Security with Go

By : John Daniel Leon, Karthik Gaekwad
Book Image

Security with Go

By: John Daniel Leon, Karthik Gaekwad

Overview of this book

Go is becoming more and more popular as a language for security experts. Its wide use in server and cloud environments, its speed and ease of use, and its evident capabilities for data analysis, have made it a prime choice for developers who need to think about security. Security with Go is the first Golang security book, and it is useful for both blue team and red team applications. With this book, you will learn how to write secure software, monitor your systems, secure your data, attack systems, and extract information. Defensive topics include cryptography, forensics, packet capturing, and building secure web applications. Offensive topics include brute force, port scanning, packet injection, web scraping, social engineering, and post exploitation techniques.

Related Content you might be interested in

Current Title:

Small book image
Security with Go
John Daniel Leon | Karthik Gaekwad
Jan, 2018 | 340 pages
Small book image
Go Web Scraping Quick Start Guide
Vincent Smith
Jan, 2019 | 132 pages
Small book image
Go Standard Library Cookbook
Radomír Sohlich
Feb, 2018 | 340 pages
Small book image
Go Systems Programming
Mihalis Tsoukalos
Sep, 2017 | 466 pages
Table of Contents (15 chapters)
Free Chapter
1
Introduction to Security with Go
Introduction to Security with Go
About Go
Why use Go for security?
Development environment
Running Go examples
Summary
2
The Go Programming Language
The Go Programming Language
Go language specification
The Go playground
A tour of Go
Keywords
Notes about source code
Comments
Types
Control structures
Defer
Packages
Classes
Goroutines
Getting help and documentation
Summary
3
Working with Files
Working with Files
File basics
Reading and writing
Archives
Compression
Creating temporary files and directories
Downloading a file over HTTP
Summary
4
Forensics
Forensics
Files
Steganography
Network
Summary
5
Packet Capturing and Injection
Packet Capturing and Injection
Prerequisites
Getting a list of network devices
Capturing packets
Capturing with filters
Saving to the pcap file
Reading from a pcap file
Decoding packet layers
Creating a custom layer
Converting bytes to and from packets
Creating and sending packets
Decoding packets faster
Summary
6
Cryptography
Cryptography
Hashing
Encryption
Summary
7
Secure Shell (SSH)
Secure Shell (SSH)
Using the Go SSH client
Summary
8
Brute Force
Brute Force
Brute forcing HTTP basic authentication
Brute forcing the HTML login form
Brute forcing SSH
Brute forcing database login
Summary
9
Web Applications
Web Applications
HTTP server
HTTP client
Summary
10
Web Scraping
Web Scraping
Web scraping fundamentals
Using the goquery package for web scraping
How to protect against web scraping
Summary
11
Host Discovery and Enumeration
Host Discovery and Enumeration
TCP and UDP sockets
Port scanning
Grabbing a banner from a service
Creating a TCP proxy
Finding named hosts on a network
Fuzzing a network service
Summary
12
Social Engineering
Social Engineering
Gathering intel via JSON REST API
Sending phishing emails with SMTP
Generating QR codes
Honeypots
Sandboxing
Summary
13
Post Exploitation
Post Exploitation
Cross compiling
Creating bind shells
Creating reverse bind shells
Creating web shells
Finding writable files
Changing file timestamp
Changing file permissions
Changing file ownership
Summary
14
Conclusions
Conclusions
Recapping the topics you have learned
More thoughts on the usage of Go
What I hope you take away from the book
Be aware of legal, ethical, and technical boundaries
Where to go from here
Getting help and learning more
15
Another Book You May Enjoy
Another Book You May Enjoy
Leave a review – let other readers know what you think

Brute Force

Brute force attacks, also called exhaustive key attacks, are when you try every possible combination for an input until you eventually get the right combination. The most common example is brute forcing passwords. You can try every combination of characters, letters, and symbols, or you could use a dictionary list as a base for passwords. You can find dictionaries and prebuilt word lists based on common passwords online or you can create your own.

There are different types of brute force password attacks. There are online attacks such as trying to log in to a website or database repeatedly. Online attacks are much slower due to network latency and bandwidth limitations. Services may also rate limit or lockout accounts after too many failed attempts. On the other hand, there are also offline attacks. An example of an offline attack is when you have a database dump full...

Previous Section
End of Section 1
Next Section