
It's a nice list of items, but I don't feel like it's informed from actual penetration tests on Go apps. Bad Content-Type headers and DNS rebinding affect almost every Go web application out there.

Any naked Go server is usually vulnerable to DNS rebinding because it doesn't test the Host header.

Edit: see also: http://0xdabbad00.com/2015/04/12/looking_for_security_troubl...




The first mentioned package, secure, has an AllowedHosts option: https://stablelib.com/doc/v1/net/secure/#Options

I should add it to the post, thanks.
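The Host header check the thread is talking about, written out as an added example in plain net/http (this is not code from the post or from the secure package's AllowedHosts option; the allowlist and the hostnames are constructed for the demonstration):

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// HostAllowed reports whether a Host header value (host or host:port) names one of
// the allowed hosts. The port is ignored and the comparison is case-insensitive.
func HostAllowed(hostHeader string, allowed []string) bool {
	host := hostHeader
	if h, _, err := net.SplitHostPort(hostHeader); err == nil {
		host = h // strip ":port"; also unwraps bracketed IPv6 literals
	}
	host = strings.TrimSuffix(host, ".") // "localhost." names the same host
	for _, a := range allowed {
		if strings.EqualFold(host, a) {
			return true
		}
	}
	return false
}

// RequireHost refuses requests whose Host header is not on the allowlist. In a DNS
// rebinding attack the browser sends the attacker's hostname in Host, so it gets a 400.
func RequireHost(allowed []string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !HostAllowed(r.Host, allowed) {
			http.Error(w, "invalid Host header", http.StatusBadRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	h := RequireHost([]string{"localhost", "127.0.0.1"}, ok)
	// Constructed requests, no network: two legitimate Host values and one rebinding attempt.
	for _, host := range []string{"localhost:8080", "127.0.0.1", "attacker.example"} {
		req := httptest.NewRequest(http.MethodGet, "/", nil)
		req.Host = host
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, req)
		fmt.Printf("Host: %-18s -> %d\n", host, rec.Code) // 200, 200, 400
	}
}
```

The same check belongs in front of every handler, including ones only meant for loopback use, since a rebinding request arrives at 127.0.0.1 like any other.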



