├── .gitignore
├── CONTRIBUTING.md
├── Dockerfile
├── LICENSE
├── README.md
├── VERSION
├── book.json
├── dist
│   ├── .gitkeep
│   ├── go-webapp-scp.docx
│   ├── go-webapp-scp.epub
│   ├── go-webapp-scp.mobi
│   └── go-webapp-scp.pdf
├── docker-compose.yml
├── package.json
└── src
    ├── LICENSE
    ├── README.md
    ├── SUMMARY.md
    ├── access-control
    │   ├── README.md
    │   └── URL.go
    ├── authentication-password-management
    │   ├── README.md
    │   ├── communicating-authentication-data.md
    │   ├── other-guidelines.md
    │   ├── password-policies.md
    │   └── validation-and-storage.md
    ├── communication-security
    │   ├── README.md
    │   ├── http-tls.md
    │   ├── img
    │   │   ├── InsecureHeader.png
    │   │   ├── w1_1.png
    │   │   ├── w2_1.png
    │   │   ├── ws_tls_upgrade.png
    │   │   └── wss_secure.png
    │   └── websockets.md
    ├── cover.jpg
    ├── cover.xcf
    ├── cover_small.jpg
    ├── cryptographic-practices
    │   ├── README.md
    │   └── pseudo-random-generators.md
    ├── data-protection
    │   ├── README.md
    │   └── files
    │       └── cB52MA.jpeg
    ├── database-security
    │   ├── README.md
    │   ├── authentication.md
    │   ├── connections.md
    │   ├── parameterized-queries.md
    │   └── stored-procedures.md
    ├── error-handling-logging
    │   ├── README.md
    │   ├── assets
    │   │   ├── log-integrity.go
    │   │   └── log
    │   │       ├── checksum
    │   │       └── log
    │   ├── error-handling.md
    │   └── logging.md
    ├── file-management
    │   ├── README.md
    │   └── filetype
    │       ├── filetype.go
    │       ├── logo.jpg
    │       └── logo.png
    ├── final-notes.md
    ├── general-coding-practices.md
    ├── general-coding-practices
    │   ├── README.md
    │   ├── cross-site-request-forgery.md
    │   └── regular-expressions.md
    ├── howto-contribute.md
    ├── input-validation
    │   ├── README.md
    │   ├── sanitization.md
    │   └── validation.md
    ├── memory-management
    │   └── README.md
    ├── output-encoding
    │   ├── README.md
    │   ├── cross-site-scripting.md
    │   ├── images
    │   │   ├── html-template-plain-text.png
    │   │   ├── html-template-text-plain-noxss.png
    │   │   ├── text-html.png
    │   │   ├── text-plain.png
    │   │   ├── text-template-xss.png
    │   │   └── xss.png
    │   └── sql-injection.md
    ├── session-management
    │   ├── README.md
    │   ├── img
    │   │   └── SessionManagementOverview.png
    │   └── session.go
    └── system-configuration
        ├── README.md
        └── files
            ├── assetManagement.jpg
            ├── directoryListSafe.go
            ├── headers_set_versions.jpg
            ├── index_file.png
            ├── safe.png
            ├── safe2.png
            ├── test
            │   └── password.txt
            └── tmp
                └── static
                    └── index.html

/.gitignore:
--------------------------------------------------------------------------------
1 | node_modules/
2 | npm-debug.log
3 | _book
4 | *.swp
5 |
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/CONTRIBUTING.md
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/Dockerfile
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/LICENSE
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/README.md
--------------------------------------------------------------------------------
/VERSION:
--------------------------------------------------------------------------------
1 | 2.6.6
--------------------------------------------------------------------------------
/book.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/book.json
--------------------------------------------------------------------------------
/dist/.gitkeep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/dist/go-webapp-scp.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/dist/go-webapp-scp.docx
--------------------------------------------------------------------------------
/dist/go-webapp-scp.epub:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/dist/go-webapp-scp.epub
--------------------------------------------------------------------------------
/dist/go-webapp-scp.mobi:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/dist/go-webapp-scp.mobi
--------------------------------------------------------------------------------
/dist/go-webapp-scp.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/dist/go-webapp-scp.pdf
--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/docker-compose.yml
--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/package.json
--------------------------------------------------------------------------------
/src/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/LICENSE
--------------------------------------------------------------------------------
/src/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/README.md
--------------------------------------------------------------------------------
/src/SUMMARY.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/SUMMARY.md
--------------------------------------------------------------------------------
/src/access-control/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/access-control/README.md
--------------------------------------------------------------------------------
/src/access-control/URL.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/access-control/URL.go
--------------------------------------------------------------------------------
/src/authentication-password-management/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/authentication-password-management/README.md
--------------------------------------------------------------------------------
/src/authentication-password-management/communicating-authentication-data.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/authentication-password-management/communicating-authentication-data.md
--------------------------------------------------------------------------------
/src/authentication-password-management/other-guidelines.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/authentication-password-management/other-guidelines.md
--------------------------------------------------------------------------------
/src/authentication-password-management/password-policies.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/authentication-password-management/password-policies.md
--------------------------------------------------------------------------------
/src/authentication-password-management/validation-and-storage.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/authentication-password-management/validation-and-storage.md
--------------------------------------------------------------------------------
/src/communication-security/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/communication-security/README.md
--------------------------------------------------------------------------------
/src/communication-security/http-tls.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/communication-security/http-tls.md
--------------------------------------------------------------------------------
/src/communication-security/img/InsecureHeader.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/communication-security/img/InsecureHeader.png
--------------------------------------------------------------------------------
/src/communication-security/img/w1_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/communication-security/img/w1_1.png
--------------------------------------------------------------------------------
/src/communication-security/img/w2_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/communication-security/img/w2_1.png
--------------------------------------------------------------------------------
/src/communication-security/img/ws_tls_upgrade.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/communication-security/img/ws_tls_upgrade.png
--------------------------------------------------------------------------------
/src/communication-security/img/wss_secure.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/communication-security/img/wss_secure.png
--------------------------------------------------------------------------------
/src/communication-security/websockets.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/communication-security/websockets.md
--------------------------------------------------------------------------------
/src/cover.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/cover.jpg
--------------------------------------------------------------------------------
/src/cover.xcf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/cover.xcf
--------------------------------------------------------------------------------
/src/cover_small.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/cover_small.jpg
--------------------------------------------------------------------------------
/src/cryptographic-practices/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/cryptographic-practices/README.md
--------------------------------------------------------------------------------
/src/cryptographic-practices/pseudo-random-generators.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/cryptographic-practices/pseudo-random-generators.md
--------------------------------------------------------------------------------
/src/data-protection/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/data-protection/README.md
--------------------------------------------------------------------------------
/src/data-protection/files/cB52MA.jpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/data-protection/files/cB52MA.jpeg
--------------------------------------------------------------------------------
/src/database-security/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/database-security/README.md
--------------------------------------------------------------------------------
/src/database-security/authentication.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/database-security/authentication.md
--------------------------------------------------------------------------------
/src/database-security/connections.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/database-security/connections.md
--------------------------------------------------------------------------------
/src/database-security/parameterized-queries.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/database-security/parameterized-queries.md
--------------------------------------------------------------------------------
/src/database-security/stored-procedures.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/database-security/stored-procedures.md
--------------------------------------------------------------------------------
/src/error-handling-logging/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/error-handling-logging/README.md
--------------------------------------------------------------------------------
/src/error-handling-logging/assets/log-integrity.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/error-handling-logging/assets/log-integrity.go
--------------------------------------------------------------------------------
/src/error-handling-logging/assets/log/checksum:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/error-handling-logging/assets/log/checksum
--------------------------------------------------------------------------------
/src/error-handling-logging/assets/log/log:
--------------------------------------------------------------------------------
1 | This a sample log entry.
--------------------------------------------------------------------------------
/src/error-handling-logging/error-handling.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/error-handling-logging/error-handling.md
--------------------------------------------------------------------------------
/src/error-handling-logging/logging.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/error-handling-logging/logging.md
--------------------------------------------------------------------------------
/src/file-management/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/file-management/README.md
--------------------------------------------------------------------------------
/src/file-management/filetype/filetype.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/file-management/filetype/filetype.go
--------------------------------------------------------------------------------
/src/file-management/filetype/logo.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/file-management/filetype/logo.jpg
--------------------------------------------------------------------------------
/src/file-management/filetype/logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/file-management/filetype/logo.png
--------------------------------------------------------------------------------
/src/final-notes.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/final-notes.md
--------------------------------------------------------------------------------
/src/general-coding-practices.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/general-coding-practices.md
--------------------------------------------------------------------------------
/src/general-coding-practices/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/general-coding-practices/README.md
--------------------------------------------------------------------------------
/src/general-coding-practices/cross-site-request-forgery.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/general-coding-practices/cross-site-request-forgery.md
--------------------------------------------------------------------------------
/src/general-coding-practices/regular-expressions.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/general-coding-practices/regular-expressions.md
--------------------------------------------------------------------------------
/src/howto-contribute.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/howto-contribute.md
--------------------------------------------------------------------------------
/src/input-validation/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/input-validation/README.md
--------------------------------------------------------------------------------
/src/input-validation/sanitization.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/input-validation/sanitization.md
--------------------------------------------------------------------------------
/src/input-validation/validation.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/input-validation/validation.md
--------------------------------------------------------------------------------
/src/memory-management/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/memory-management/README.md
--------------------------------------------------------------------------------
/src/output-encoding/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/output-encoding/README.md
--------------------------------------------------------------------------------
/src/output-encoding/cross-site-scripting.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/output-encoding/cross-site-scripting.md
--------------------------------------------------------------------------------
/src/output-encoding/images/html-template-plain-text.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/output-encoding/images/html-template-plain-text.png
--------------------------------------------------------------------------------
/src/output-encoding/images/html-template-text-plain-noxss.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/output-encoding/images/html-template-text-plain-noxss.png
--------------------------------------------------------------------------------
/src/output-encoding/images/text-html.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/output-encoding/images/text-html.png
--------------------------------------------------------------------------------
/src/output-encoding/images/text-plain.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/output-encoding/images/text-plain.png
--------------------------------------------------------------------------------
/src/output-encoding/images/text-template-xss.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/output-encoding/images/text-template-xss.png
--------------------------------------------------------------------------------
/src/output-encoding/images/xss.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/output-encoding/images/xss.png
--------------------------------------------------------------------------------
/src/output-encoding/sql-injection.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/output-encoding/sql-injection.md
--------------------------------------------------------------------------------
/src/session-management/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/session-management/README.md
--------------------------------------------------------------------------------
/src/session-management/img/SessionManagementOverview.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/session-management/img/SessionManagementOverview.png
--------------------------------------------------------------------------------
/src/session-management/session.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/session-management/session.go
--------------------------------------------------------------------------------
/src/system-configuration/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/system-configuration/README.md
--------------------------------------------------------------------------------
/src/system-configuration/files/assetManagement.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/system-configuration/files/assetManagement.jpg
--------------------------------------------------------------------------------
/src/system-configuration/files/directoryListSafe.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/system-configuration/files/directoryListSafe.go
--------------------------------------------------------------------------------
/src/system-configuration/files/headers_set_versions.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/system-configuration/files/headers_set_versions.jpg
--------------------------------------------------------------------------------
/src/system-configuration/files/index_file.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/system-configuration/files/index_file.png
--------------------------------------------------------------------------------
/src/system-configuration/files/safe.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/system-configuration/files/safe.png
--------------------------------------------------------------------------------
/src/system-configuration/files/safe2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/system-configuration/files/safe2.png
--------------------------------------------------------------------------------
/src/system-configuration/files/test/password.txt:
--------------------------------------------------------------------------------
1 | secret key!
--------------------------------------------------------------------------------
/src/system-configuration/files/tmp/static/index.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/Go-SCP/HEAD/src/system-configuration/files/tmp/static/index.html
--------------------------------------------------------------------------------