Go Security Audit and Fuzzing

Go (golang) is a statically typed and compiled programming language designed by Google. Over the years, it has become a language of choice for developers to build concurrency backend applications while maintaining high performance at scale.

This course teaches you all the prerequisites to understand which kind of vulnerability can be found inside Go code. You will learn how to find low-hanging fruits bugs manually and automatically using different Go auditing tools. You will discover how to use existing Go fuzzing coverage-guided frameworks, triage/debug crashes, and improve your code coverage. Finally, you will discover how to build custom Go fuzzers and implement advanced fuzzing techniques to find in-depth bugs on popular Go packages.

Along this training, students will deal with a lot of hands-on exercises allowing them to internalize concepts and techniques taught in class.

Topics Covered during this Course

Introduction to Golang and its Ecosystem
Golang Security concepts
- Concurrency, Garbage collector, etc.
Golang vulnerabilities
- Error handling, panics, nil pointer dereference
- Index out of bound, Stack overflow, resource exhaustion (OOM)
- Advanced vulnerabilities
Attack surface discovery & Auditing tools
Introduction to Golang Fuzzing
Coverage-guided Fuzzing
- go-fuzz / libfuzzer
Go Fuzz testing workflow and Corpus selection
Code coverage, Corpus minimization
Crashes Triaging and Debugging
Other Advanced Fuzz Testing techniques
Differential Go Fuzzing
Writing Custom Go Fuzzers

CLASS REQUIREMENTS

Participants should have some basis with the Go language and Linux. This course is suitable for people that are new to Go. All the theory and concepts about Go security vulnerability research and Go fuzz testing will be explained during the course.

Hardware Requirements

A working laptop capable of running virtual machines. 4GB RAM required, at a minimum. 40 GB free Hard disk space. Minimum software to install Virtualbox or VMware Player, VMware Workstation, VMware Fusion.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Go Security Audit and Fuzzing

Topics Covered during this Course

CLASS REQUIREMENTS

FREE Courses & Training

Enter your email and we'll send you a bundle of awesome resources. 100% free - 100% awesome.

Any questions about our services and trainings ?

Get in touch today with any questions that you might have.