Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Vulnerabilities in Golang

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Carol Carol
October 27, 2022
0
47

Vulnerabilities in Golang

Vulnerabilities in Golang - Supply chain security

Avatar for Carol

Carol

October 27, 2022
Tweet

More Decks by Carol

See All by Carol
Contribute to translate K8s Docs, Glossary and CNCF-whitepaper
Avatar for Carol krol3
1
100
DevSecOps em Aplicações, Cloud, Artefatos
Avatar for Carol krol3
2
140
Security in Cloud using Infrastructure as a Code (IaaS)
Avatar for Carol krol3
0
170
Compliance in Cloud Native
Avatar for Carol krol3
2
200
Security Opensource Tools in Cloud Native
Avatar for Carol krol3
1
210
Intro to Operators in Kubernetes
Avatar for Carol krol3
0
74
Container Security
Avatar for Carol krol3
4
310
Segurança em Kubernetes
Avatar for Carol krol3
1
210
Vault em Kubernetes
Avatar for Carol krol3
3
200

Featured

See All Featured
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
52
5.8k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
128
55k
Abbi's Birthday
Avatar for Violet Bock coloredviolet
1
4.7k
Highjacked: Video Game Concept Design
Avatar for Ryan Kendrick rkendrick25
PRO
1
290
How to Grow Your eCommerce with AI & Automation
Avatar for Katarina Dahlin katarinadahlin
PRO
1
110
Music & Morning Musume
Avatar for Bryan Veloso bryan
47
7.1k
Digital Projects Gone Horribly Wrong (And the UX Pros Who Still Save the Day) - Dean Schuster
Avatar for UX Y'all uxyall
0
360
Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO
Avatar for David Carrasco davidcarrasco
1
53
The Power of CSS Pseudo Elements
Avatar for Geoffrey Crofte geoffreycrofte
80
6.2k
Game over? The fight for quality and originality in the time of robots
Avatar for Wayne Barker wayneb77
1
120
Collaborative Software Design: How to facilitate domain modelling decisions
Avatar for Kenny Baas-Schwegler baasie
0
140
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
Avatar for Beat Signer signer
PRO
0
3.2k

Transcript

  1. © 2022 Aqua Security Software Ltd., All Rights Reserved Desmistificando

    as Vulnerabilidades em Golang

  2. 2 in/carolgv krol3 @krol_valencia

  3. 3 • Intro • Vulnerabilities • Secure Golang in the

    SDLC Agenda

  4. 4 Security is Hard Process, People and Technology

  5. 5 Container security? k8s security? Cybersecurity?

  6. 6

  7. 7 Who’ s to blame for the security breach ?

  8. 8 Maturity Model in my company – Agile process

  9. 9 Maturity Model in my company – Agile process

  10. 10 Applying Devops …. Where is the vulnerabilities in my

    SDLC? ….

  11. 11 Vulnerabilities

  12. 12 A flaw or weakness that may allow harm to

    occur to an IT system or activity.

  13. 13 Common Vulnerabilities and Exposures Is it an exploitable vulnerability?

  14. 14 Zero day CISO Chief Information Security Officer

  15. 15 Developing web applications … What are the common vulnerabilities?

  16. 16 Top 10 Open Web Application Security Project – Top

    10

  17. Go net library affected by critical ip address validation vulnerability

    https://www.bleepingcomputer.com/news/security/go-rust-net-library-affected-by-critical-ip-address-validation-vulnerability/ SSRF - Server side request forgery

  18. 18 Secure Golang in the Software Development Lifecycle (SDLC)

  19. 19 Go vulnerability check

  20. 20 Go vulnerability check

  21. 21 Go vulnerability check https://go.dev/security/vuln/

  22. 22 Before vulncheck

  23. 23 How scanners work? How to find CVEs?

  24. 24 Golang Dependency Management

  25. 25 go.mod go.sum

  26. 26 Lock file ? - Dependency Confusion

  27. 27 Auditable Checksum database https://go.dev/blog/module-mirror-launch

  28. 28 Open Source Vulnerabilities https://www.synopsys.com/software-integrity/resources/analyst-reports/open-source-security-risk-analysis.html

  29. 29 Consumer / Producer Code – Supply chain

  30. 30 scala-network/GUI-miner dstellitecoin/gui-miner Supply Chain Attacks

  31. 31 Supply Chain Attacks

  32. 32 Supply Chain Attacks

  33. 34 Supply Chain Attacks

  34. 35 Supply Chain Security Tool

  35. 36

  36. None

  37. 38 Applying Devops ….

  38. 39 New technology ... new security holes ... new security

    best practices.

  39. 40 Applying DevSecOps ….

  40. 41 Pipeline sample https://github.com/krol3/demo-go-xss/

  41. 42 Pipeline sample – Detecting xss

  42. 43

  43. © 2022 Aqua Security Software Ltd., All Rights Reserved Thanks

    in/carolgv krol3 @krol_valencia