Go-SCP
Golang Secure Coding Practices guide
Hi. There are code inserts with the bcrypt library in the text ([link](https://github.com/OWASP/Go-SCP/blob/master/src/authentication-password-management/validation-and-storage.md#storing-password-securely-the-practice)). However, the code itself is incorrect. Here is an example with goplay: https://play.golang.com/p/kqXCPZ7ifCQ Suggest the right changes?
correct link to `A Tour of Go`
It would be good to add some automation to this project, nothing fancy - probably a link checker to start with. This could be run on pull-request or merge to...
Page 9 recommends gorilla as a 3rd party package, but the gorilla maintainers have archived the project.
The section "Sanitization" talks about what needs to be done to safely display user submitted content, which doesn't actually have anything to do with "Input Validation", despite being a part...
Most of the non-compliant Go SQL code I see is actually abuse of templates, rather than string joins. We should show non-compliance via templating as well, so that developers do...
From the Validation section, is this part backwards? `Anytime data is passed from a trusted source to a less-trusted source,...`
"sequential authentication implementations (like Google does nowadays)" in https://github.com/OWASP/Go-SCP/blob/master/src/authentication-password-management/validation-and-storage.md
Should we remove the 1st example here in case someone doesn't read the rest of the page? https://github.com/OWASP/Go-SCP/blob/master/src/authentication-password-management/validation-and-storage.md
- In the Memory Management section, added a new subsection related to memory leakage scenarios.
- In Communication Security, a new subsection related to gRPC (Google Remote Procedure Call) has been...