Security with Go
eBook - ePub

Security with Go

John Daniel Leon

Share book
  1. 340 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Security with Go

John Daniel Leon

Book details
Book preview
Table of contents
Citations

About This Book

The first stop for your security needs when using Go, covering host, network, and cloud security for ethical hackers and defense against intrusionAbout This Bookā€¢ First introduction to Security with Golangā€¢ Adopting a Blue Team/Red Team approachā€¢ Take advantage of speed and inherent safety of Golangā€¢ Works as an introduction to security for Golang developersā€¢ Works as a guide to Golang security packages for recent Golang beginnersWho This Book Is ForSecurity with Go is aimed at developers with basics in Go to the level that they can write their own scripts and small programs without difficulty. Readers should be familiar with security concepts, and familiarity with Python security applications and libraries is an advantage, but not a necessity. What You Will Learnā€¢ Learn the basic concepts and principles of secure programmingā€¢ Write secure Golang programs and applicationsā€¢ Understand classic patterns of attackā€¢ Write Golang scripts to defend against network-level attacksā€¢ Learn how to use Golang security packagesā€¢ Apply and explore cryptographic methods and packagesā€¢ Learn the art of defending against brute force attacksā€¢ Secure web and cloud applicationsIn DetailGo is becoming more and more popular as a language for security experts. Its wide use in server and cloud environments, its speed and ease of use, and its evident capabilities for data analysis, have made it a prime choice for developers who need to think about security.Security with Go is the first Golang security book, and it is useful for both blue team and red team applications. With this book, you will learn how to write secure software, monitor your systems, secure your data, attack systems, and extract information.Defensive topics include cryptography, forensics, packet capturing, and building secure web applications.Offensive topics include brute force, port scanning, packet injection, web scraping, social engineering, and post exploitation techniques.Style and approachJohn Leon has divided the book into two parts which present the team playing defense against anyone breaking into servers and the team playing (ethical!) offense to perform said attacks. All Go scripts and programs are workable solutions that can be easily understood and expanded upon by anyone with a system administrator's level view of networking and cloud-based systems. Golang developers will profit from a swift and incisive approach to security.

Frequently asked questions

How do I cancel my subscription?
Simply head over to the account section in settings and click on ā€œCancel Subscriptionā€ - itā€™s as simple as that. After you cancel, your membership will stay active for the remainder of the time youā€™ve paid for. Learn more here.
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlegoā€™s features. The only differences are the price and subscription period: With the annual plan youā€™ll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weā€™ve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is Security with Go an online PDF/ePUB?
Yes, you can access Security with Go by John Daniel Leon in PDF and/or ePUB format, as well as other popular books in Ciencia de la computaciĆ³n & Ciberseguridad. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Packt Publishing
Year
2018
ISBN
9781788622257
Edition
1
Topic
Ciencia de la computaciĆ³n
Subtopic
Ciberseguridad

Cryptography

Cryptography is the practice of securing communications even when a third-party can view those communications. There are two-way symmetric and asymmetric encryption methods, as well as one-way hashing algorithms.
Encryption is a critical part of the modern internet. With services such as LetsEncrypt.com, everyone has access to trusted SSL certificates. Our entire infrastructure relies on and trusts encryption to work to keep all our confidential data secret. It is important to properly encrypt and hash data correctly, and it is easy to misconfigure a service, leaving it vulnerable or exposed.
This chapter covers examples and use cases for the following:
  • Symmetric and asymmetric encryption
  • Signing and verifying messages
  • Hashing
  • Storing passwords securely
  • Generating secure random numbers
  • Creating and using TLS/SSL certificates

Hashing

Hashing is when a variable length message is transformed into a unique fixed-length alphanumeric string. There are various hashing algorithms available, such as MD5 and SHA1. Hashes are one-way and non-invertible, unlike symmetric encryption functions, such as AES, which can recover the original message if you have the key. Because hashes cannot be reversed, most of them are cracked by brute force. Crackers will build power-sucking rigs with several GPUs to hash every possible character combination until they find a hash that matches. They will also generate rainbow tables or files containing all of the hash outputs generated for quick lookup.
Salting your hashes is important for this reason. Salting is the process of adding a random string to the end of the password, provided by a user, to add more randomness or entropy. Consider an application that stores user login information and hashed passwords for authentication. If two users had the same password, then their hash output would be identical. Without salts, a cracker might find multiple people who use the same password and would only need to crack the hash one time. By adding a unique salt to each user's password, you ensure that each user has a unique hash value. Salting reduces the effectiveness of rainbow tables because, even if they knew the salt that goes with each hash, they would have to generate a rainbow able to each salt, which is time consuming.
Hashes are commonly used to validate passwords. Another common use is for file integrity. Large downloads often come with an MD5 or SHA1 hash of the file. After downloading you can hash the file to make sure that it matches the expected value. If it doesn't match, then the download was modified in some way. Hashing is also used as a way of recording indicators of compromise or IOCs. Files that are known to be malicious or dangerous are hashed, and that hash is stored in a catalog. These are often shared publicly so people can check suspicious files against known risks. It is much more efficient to store and compare a hash than the entire file.

Hashing small files

If a file is small enough to be contained in memory, the ReadFile() method works quickly. It loads the whole file into memory and then digests the data. The sum will be calculated with multiple different hash algorithms for demonstration:
package main

import (
 "crypto/md5"
 "crypto/sha1"
 "crypto/sha256"
 "crypto/sha512"
 "fmt"
 "io/ioutil"
 "log"
 "os"
)

func printUsage() {
 fmt.Println("Usage: " + os.Args[0] + " <filepath>")
 fmt.Println("Example: " + os.Args[0] + " document.txt")
}

func checkArgs() string {
 if len(os.Args) < 2 {
 printUsage()
 os.Exit(1)
 }
 return os.Args[1]
}

func main() {
 filename := checkArgs()

 // Get bytes from file
 data, err := ioutil.ReadFile(filename)
 if err != nil {
 log.Fatal(err)
 }

 // Hash the file and output results
 fmt.Printf("Md5: %x\n\n", md5.Sum(data))
 fmt.Printf("Sha1: %x\n\n", sha1.Sum(data))
 fmt.Printf("Sha256: %x\n\n", sha256.Sum256(data))
 fmt.Printf("Sha512: %x\n\n", sha512.Sum512(data))
}

Hashing large files

In the previous hashing example, the entire file to be hashed was loaded into memory before hashing. This is not practical or even possible when files reach a certain size. Physical memory limitations will come into play. Because the hashes are implemented as a block cipher, it will operate on one chunk at a time without the need to load the entire file in memory at once:
package main

import (
 "crypto/md5"
 "fmt"
 "io"
 "log"
 "os"
)

func printUsage() {
 fmt.Println("Usage: " + os.Args[0] + " <filename>")
 fmt.Println("Example: " + os.Args[0] + " diskimage.iso")
}

func checkArgs() string {
 if len(os.Args) < 2 {
 printUsage()
 os.Exit(1)
 }
 return os.Args[1]
}

func main() {
 filename := checkArgs()

 // Open file for reading
 file, err := os.Open(filename)
 if err != nil {
 log.Fatal(err)
 }
 defer file.Close()

 // Create new hasher, which is a writer interface
 hasher := md5.New()

 // Default buffer size for copying is 32*1024 or 32kb per copy
 // Use io.CopyBuffer() if you want to specify the buffer to use
 // It will write 32kb at a time to the digest/hash until EOF
 // The hasher implements a Write() function making it satisfy
 // the writer interface. The Write() function performs the digest
 // at the time the data is copied/written to it. It digests
 // and processes the hash one chunk at a time as it is received.
 _, err = io.Copy(hasher, file)
 if err != nil {
 log.Fatal(err)
 }

 // Now get the final sum or checksum.
 // We pass nil to the Sum() function because
 // we already copied the bytes via the Copy to the
 // writer interface and don't need to pass any new bytes
 checksum := hasher.Sum(nil)

 fmt.Printf("Md5 checksum: %x\n", checksum)
}

Storing passwords securely

Now that we know how to hash, we can talk about securely storing passwords. Hashing is an important factor when it comes to protecting passwords. Other important factors are salting, using a cryptographically strong hash function, and the optional use of hash-based message authentication code (HMAC), which all add an additional secret key into the hashing algorithm.
HMAC is an added layer that uses a secret key; so, even if an attacker got your database of hashed passwords with the salts, they would still have a difficult time cracking them without the secret key. The secret key should be stored in a separate location such as an environment variable rather than in the database with the hashed passwords and salts.
This example application has limited use as it is. Use it as a reference for your own applications
package main

import (
 "crypto/hmac"
 "crypto/rand"
 "crypto/sha256"
 "encoding/base64"
 "encoding/hex"
 "fmt"
 "io"
 "os"
)

func printUsage() {
 fmt.Println("Usage: " + os.Args[0] + " <password>")
 fmt.Println("Example: " + os.Args[0] + " Password1!")
}

func checkArgs() string {
 if len(os.Args) < 2 {
 printUsage()
 os.Exit(1)
 }
 return os.Args[1]
}

// secretKey should be unique, protected, private,
// and not hard-coded like this. Store in environment var
// or in a ...

Table of contents