Top security best practices for Go
- Validate user input (using native Go packages or third-party packages), not only for functionality but also to stop attackers from sending malicious data.
- Ensure each database user has limited permissions, validate user inputs, and use parameterized queries to protect yourself from SQL injection.
- Make the best use of Go’s crypto package to encrypt sensitive information.
- Enforce HTTPS communication and implement in-transit encryption even for internal communication.
- Remember that error messages and error logs can expose sensitive information. Use the native library in Go for logs or third-party options like logrus, glog or logo.