Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Vulnerabilities in Golang
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Carol
October 27, 2022
53
0
Share
Vulnerabilities in Golang
Vulnerabilities in Golang - Supply chain security
Carol
October 27, 2022
More Decks by Carol
See All by Carol
Contribute to translate K8s Docs, Glossary and CNCF-whitepaper
krol3
1
110
DevSecOps em Aplicações, Cloud, Artefatos
krol3
2
150
Security in Cloud using Infrastructure as a Code (IaaS)
krol3
0
170
Compliance in Cloud Native
krol3
2
210
Security Opensource Tools in Cloud Native
krol3
1
220
Intro to Operators in Kubernetes
krol3
0
80
Container Security
krol3
4
320
Segurança em Kubernetes
krol3
1
220
Vault em Kubernetes
krol3
3
210
Featured
See All Featured
Impact Scores and Hybrid Strategies: The future of link building
tamaranovitovic
0
260
Conquering PDFs: document understanding beyond plain text
inesmontani
PRO
4
2.6k
Joys of Absence: A Defence of Solitary Play
codingconduct
1
350
Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)
minecr
1
230
Building Flexible Design Systems
yeseniaperezcruz
330
40k
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
akashhashmi
0
310
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
10
1.1k
Mozcon NYC 2025: Stop Losing SEO Traffic
samtorres
0
200
Designing for Performance
lara
611
70k
A Guide to Academic Writing Using Generative AI - A Workshop
ks91
PRO
1
270
Designing for Timeless Needs
cassininazir
0
190
GraphQLとの向き合い方2022年版
quramy
50
15k
Transcript
© 2022 Aqua Security Software Ltd., All Rights Reserved Desmistificando
as Vulnerabilidades em Golang
2 in/carolgv krol3 @krol_valencia
3 • Intro • Vulnerabilities • Secure Golang in the
SDLC Agenda
4 Security is Hard Process, People and Technology
5 Container security? k8s security? Cybersecurity?
6
7 Who’ s to blame for the security breach ?
8 Maturity Model in my company – Agile process
9 Maturity Model in my company – Agile process
10 Applying Devops …. Where is the vulnerabilities in my
SDLC? ….
11 Vulnerabilities
12 A flaw or weakness that may allow harm to
occur to an IT system or activity.
13 Common Vulnerabilities and Exposures Is it an exploitable vulnerability?
14 Zero day CISO Chief Information Security Officer
15 Developing web applications … What are the common vulnerabilities?
16 Top 10 Open Web Application Security Project – Top
10
Go net library affected by critical ip address validation vulnerability
https://www.bleepingcomputer.com/news/security/go-rust-net-library-affected-by-critical-ip-address-validation-vulnerability/ SSRF - Server side request forgery
18 Secure Golang in the Software Development Lifecycle (SDLC)
19 Go vulnerability check
20 Go vulnerability check
21 Go vulnerability check https://go.dev/security/vuln/
22 Before vulncheck
23 How scanners work? How to find CVEs?
24 Golang Dependency Management
25 go.mod go.sum
26 Lock file ? - Dependency Confusion
27 Auditable Checksum database https://go.dev/blog/module-mirror-launch
28 Open Source Vulnerabilities https://www.synopsys.com/software-integrity/resources/analyst-reports/open-source-security-risk-analysis.html
29 Consumer / Producer Code – Supply chain
30 scala-network/GUI-miner dstellitecoin/gui-miner Supply Chain Attacks
31 Supply Chain Attacks
32 Supply Chain Attacks
34 Supply Chain Attacks
35 Supply Chain Security Tool
36
None
38 Applying Devops ….
39 New technology ... new security holes ... new security
best practices.
40 Applying DevSecOps ….
41 Pipeline sample https://github.com/krol3/demo-go-xss/
42 Pipeline sample – Detecting xss
43
© 2022 Aqua Security Software Ltd., All Rights Reserved Thanks
in/carolgv krol3 @krol_valencia
krol3
tamaranovitovic
inesmontani
codingconduct
minecr
yeseniaperezcruz
akashhashmi
addyosmani
samtorres
lara
ks91
cassininazir
quramy
