Top 23 Go Security Projects
Fast, multi-platform web server with automatic HTTPS
Project mention: Supporting Let's Encrypt, the nonprofit making HTTPS free for all | news.ycombinator.com | 2021-06-14
First off, let me say: for me, I use Caddy (https://caddyserver.com/) and it just works. You start it, it gets a cert from Let's Encrypt and starts serving HTTPS. So it was (almost) zero work to serve with HTTPS.
As for reasons to encrypt:
1. Prevents (I think) ISPs in the middle from injecting ads, spyware, phishing scams, etc. on top of your site.
2. Prevents 3rd parties from seeing what pages the user is accessing. Some people would prefer that others cannot read over their shoulder and see what they're reading.
I know for me, I'm sensitive to that particular issue to the point that I don't really want to use Netflix, Amazon Prime, Spotify, etc. I really don't like the idea that they're building a profile of me based on what I watch and thinking they know who I am based on that.
It could be as simple as I don't want it known if I'm reading liberal or conservative blogs.
I'm sure others might have other reasons they don't want a 3rd party to know what specific pages they're reading.
PS: I get there are other ways to track me, but I'm fairly confident that I'm avoiding most of them via HTTPS, VPNs, private browser windows, multiple profiles, 3rd-party cookies off, ad blockers, etc.
OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.
Project mention: User account over Internet | reddit.com/r/linuxadmin | 2021-05-10
If you just have some services/users at a remote location that you want to authenticate/authorize using your existing user directory, I'd recommend using OAuth2/OpenID Connect over HTTPS. This has the added benefit of enabling users to enroll multi-factor, federating with other identity providers (if you want), is more future proof (LDAP isn't cloud native/friendly), and can be exposed to the Internet without the need of a VPN relatively safely. Another benefit is support for remote users and SaaS - for example, enabling users working from home to authenticate to SaaS applications using their directory login (without SSL/agent VPNs or punching holes in firewalls). Examples include: Okta (free tier permits 2000 monthly active users), Keycloak, Dex, ory.sh.
DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
Project mention: Creating Production-Ready Containers - The Basics | dev.to | 2021-06-03
There are many ways to slim a container, from basic security to fully automated open-source tools like DockerSlim. Full disclosure: I work for Slim.AI, a company founded on the DockerSlim open source project. Let's look at some of the common ways developers create production-ready container images today.
The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
Project mention: Concerned about my local network security | reddit.com/r/hacking | 2021-05-29
I believe he’s referring to this link. It’s a multi-tool that you could run to do some more in-depth recon on the network activity including running MiTM attacks on the other hosts.
Certificate authority and access plane for SSH, Kubernetes, web applications, and databases
Project mention: Ask HN: Who is hiring? (June 2021) | news.ycombinator.com | 2021-06-01
eBPF-based Networking, Security, and Observability
Project mention: Gopher Gold #20 - Wed Nov 18 2020 | dev.to | 2020-11-17
cilium/cilium (Go): eBPF-based Networking, Security, and Observability
Simple and flexible tool for managing secrets
Project mention: How to Handle Secrets on the Command Line | news.ycombinator.com | 2021-06-13
Sidenote: I really like the cookie consent form on this site. It's unobtrusive, clear, opt-out by default and the highlighted and only button is "Continue to site". Bravo to https://www.clym.io/
Nice article, covers the basics well. Credential files seem like the simplest way to go and are secure enough for most local uses. For anything more involved a secrets manager is probably required. I've been using Linux for a long time and hadn't heard about `keyctl`, thanks for mentioning it. A more flexible solution might be https://github.com/mozilla/sops
Run Linux Software Faster and Safer than Linux with Unikernels.
A Simple and Comprehensive Vulnerability Scanner for Container Images, Git Repositories and Filesystems. Suitable for CI
Project mention: Keycloak on Distroless | dev.to | 2021-05-27
The original and main purpose of this manipulation is to reduce the number of CVEs present in our image. We will be able to compare it by running trivy again on our new image.
The Single Sign-On Multi-Factor portal for web apps
Project mention: Self hosting apps behind reverse proxy | reddit.com/r/selfhosted | 2021-06-07
Authelia is what you seek
Open-Source Phishing Toolkit
Project mention: Phishing testing? | reddit.com/r/k12sysadmin | 2021-06-09
GoPhish is open source
Safely store secrets in Git/Mercurial/Subversion
Project mention: How do you provision app secrets? | reddit.com/r/sysadmin | 2021-04-21
For Puppet I use blackbox
Let's Encrypt client and ACME library written in Go
Project mention: Ask HN: Cheapest/easiest way to host a static site | news.ycombinator.com | 2021-03-26
Golang security checker
Project mention: How to Handle Secrets on the Command Line | news.ycombinator.com | 2021-06-13
I defer to using AWS SSM to retrieve secrets https://github.com/kaihendry/dotfiles/blob/master/bin/ssm
But yeah, reading secrets off env or ps or the clipboard is a real issue, so I focus on making sure that doesn't leak.
I've made terrible mistakes leading /proc accidentally in my Web app https://github.com/securego/gosec/issues/569
A Tool for Domain Flyovers
Project mention: Which is the better choice for taking screenshots on large networks, Aquatone or EyeWitness? | reddit.com/r/netsec | 2021-02-04
Manage your dotfiles across multiple diverse machines, securely.
Project mention: Chezmoi: Manage your dotfiles across multiple diverse machines | news.ycombinator.com | 2021-05-30
CrowdSec - an open-source massively multiplayer firewall able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global IP reputation database to protect the user network.
Project mention: CrowdSec: an open-source, modernized & collaborative fail2ban | reddit.com/r/Information_Security | 2021-06-01
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
Project mention: Self-signed certificates to secure IP of Tomcat | reddit.com/r/devops | 2021-06-03
Highly recommended: cfssl or step CA to cover the CA and certificate creation. Can't help on the Tomcat side though.
🔒🌍 Security scanner for your Terraform code
Project mention: Terraforming in 2021 – new features, testing and compliance | dev.to | 2021-05-02
Here again more than one tool exists to assist. We will highlight two of the most popular ones here: tfsec and checkov. Both provide a predefined set of checks that they use to inspect your code, allowing you to explicitly open exceptions (if you really want to) by annotating your code with comments, and to adjust the configuration to ignore some modules, for example.
sso, aka S.S.Octopus, aka octoboi, is a single sign-on solution for securing internal services
Project mention: Web proxy (Bastion?) to access a website in a "private" network | reddit.com/r/selfhosted | 2021-05-20
https://github.com/buzzfeed/sso - Google only
Cameradar hacks its way into RTSP videosurveillance cameras
Privacy and Security focused Segment-alternative, in Golang and React
Google CTF
Project mention: Computer Science Major looking for white hat (preferred) hackers that have respect for women in the CS Industry. | reddit.com/r/computerscience | 2021-06-14
Past year comps are also available to explore.
[mirror] Go supplementary cryptography libraries
Project mention: Minio Changes License to AGPL | news.ycombinator.com | 2021-04-23
What are some of the best open-source Security projects in Go? This list will help you: