eBook - ePub

Security with Go

Name: Security with Go
Author: John Daniel Leon

John Daniel Leon

Compartir libro

340 páginas
English
ePUB (apto para móviles)
Disponible en iOS y Android

eBook - ePub

Security with Go

John Daniel Leon

Detalles del libro

Vista previa del libro

Índice

Citas

Información del libro

The first stop for your security needs when using Go, covering host, network, and cloud security for ethical hackers and defense against intrusionAbout This Book• First introduction to Security with Golang• Adopting a Blue Team/Red Team approach• Take advantage of speed and inherent safety of Golang• Works as an introduction to security for Golang developers• Works as a guide to Golang security packages for recent Golang beginnersWho This Book Is ForSecurity with Go is aimed at developers with basics in Go to the level that they can write their own scripts and small programs without difficulty. Readers should be familiar with security concepts, and familiarity with Python security applications and libraries is an advantage, but not a necessity. What You Will Learn• Learn the basic concepts and principles of secure programming• Write secure Golang programs and applications• Understand classic patterns of attack• Write Golang scripts to defend against network-level attacks• Learn how to use Golang security packages• Apply and explore cryptographic methods and packages• Learn the art of defending against brute force attacks• Secure web and cloud applicationsIn DetailGo is becoming more and more popular as a language for security experts. Its wide use in server and cloud environments, its speed and ease of use, and its evident capabilities for data analysis, have made it a prime choice for developers who need to think about security.Security with Go is the first Golang security book, and it is useful for both blue team and red team applications. With this book, you will learn how to write secure software, monitor your systems, secure your data, attack systems, and extract information.Defensive topics include cryptography, forensics, packet capturing, and building secure web applications.Offensive topics include brute force, port scanning, packet injection, web scraping, social engineering, and post exploitation techniques.Style and approachJohn Leon has divided the book into two parts which present the team playing defense against anyone breaking into servers and the team playing (ethical!) offense to perform said attacks. All Go scripts and programs are workable solutions that can be easily understood and expanded upon by anyone with a system administrator's level view of networking and cloud-based systems. Golang developers will profit from a swift and incisive approach to security.

Preguntas frecuentes

¿Cómo cancelo mi suscripción?

Simplemente, dirígete a la sección ajustes de la cuenta y haz clic en «Cancelar suscripción». Así de sencillo. Después de cancelar tu suscripción, esta permanecerá activa el tiempo restante que hayas pagado. Obtén más información aquí.

¿Cómo descargo los libros?

Por el momento, todos nuestros libros ePub adaptables a dispositivos móviles se pueden descargar a través de la aplicación. La mayor parte de nuestros PDF también se puede descargar y ya estamos trabajando para que el resto también sea descargable. Obtén más información aquí.

¿En qué se diferencian los planes de precios?

Ambos planes te permiten acceder por completo a la biblioteca y a todas las funciones de Perlego. Las únicas diferencias son el precio y el período de suscripción: con el plan anual ahorrarás en torno a un 30 % en comparación con 12 meses de un plan mensual.

¿Qué es Perlego?

Somos un servicio de suscripción de libros de texto en línea que te permite acceder a toda una biblioteca en línea por menos de lo que cuesta un libro al mes. Con más de un millón de libros sobre más de 1000 categorías, ¡tenemos todo lo que necesitas! Obtén más información aquí.

¿Perlego ofrece la función de texto a voz?

Busca el símbolo de lectura en voz alta en tu próximo libro para ver si puedes escucharlo. La herramienta de lectura en voz alta lee el texto en voz alta por ti, resaltando el texto a medida que se lee. Puedes pausarla, acelerarla y ralentizarla. Obtén más información aquí.

¿Es Security with Go un PDF/ePUB en línea?

Sí, puedes acceder a Security with Go de John Daniel Leon en formato PDF o ePUB, así como a otros libros populares de Ciencia de la computación y Ciberseguridad. Tenemos más de un millón de libros disponibles en nuestro catálogo para que explores.

Información

Editorial

Packt Publishing

Año

2018

ISBN

9781788622257

Edición

Categoría

Ciencia de la computación

Categoría

Ciberseguridad

Cryptography

Cryptography is the practice of securing communications even when a third-party can view those communications. There are two-way symmetric and asymmetric encryption methods, as well as one-way hashing algorithms.

Encryption is a critical part of the modern internet. With services such as LetsEncrypt.com, everyone has access to trusted SSL certificates. Our entire infrastructure relies on and trusts encryption to work to keep all our confidential data secret. It is important to properly encrypt and hash data correctly, and it is easy to misconfigure a service, leaving it vulnerable or exposed.

This chapter covers examples and use cases for the following:

Symmetric and asymmetric encryption
Signing and verifying messages
Hashing
Storing passwords securely
Generating secure random numbers
Creating and using TLS/SSL certificates

Hashing

Hashing is when a variable length message is transformed into a unique fixed-length alphanumeric string. There are various hashing algorithms available, such as MD5 and SHA1. Hashes are one-way and non-invertible, unlike symmetric encryption functions, such as AES, which can recover the original message if you have the key. Because hashes cannot be reversed, most of them are cracked by brute force. Crackers will build power-sucking rigs with several GPUs to hash every possible character combination until they find a hash that matches. They will also generate rainbow tables or files containing all of the hash outputs generated for quick lookup.

Salting your hashes is important for this reason. Salting is the process of adding a random string to the end of the password, provided by a user, to add more randomness or entropy. Consider an application that stores user login information and hashed passwords for authentication. If two users had the same password, then their hash output would be identical. Without salts, a cracker might find multiple people who use the same password and would only need to crack the hash one time. By adding a unique salt to each user's password, you ensure that each user has a unique hash value. Salting reduces the effectiveness of rainbow tables because, even if they knew the salt that goes with each hash, they would have to generate a rainbow able to each salt, which is time consuming.

Hashes are commonly used to validate passwords. Another common use is for file integrity. Large downloads often come with an MD5 or SHA1 hash of the file. After downloading you can hash the file to make sure that it matches the expected value. If it doesn't match, then the download was modified in some way. Hashing is also used as a way of recording indicators of compromise or IOCs. Files that are known to be malicious or dangerous are hashed, and that hash is stored in a catalog. These are often shared publicly so people can check suspicious files against known risks. It is much more efficient to store and compare a hash than the entire file.

Hashing small files

If a file is small enough to be contained in memory, the ReadFile() method works quickly. It loads the whole file into memory and then digests the data. The sum will be calculated with multiple different hash algorithms for demonstration:

package main

import (
 "crypto/md5"
 "crypto/sha1"
 "crypto/sha256"
 "crypto/sha512"
 "fmt"
 "io/ioutil"
 "log"
 "os"
)

func printUsage() {
 fmt.Println("Usage: " + os.Args[0] + " <filepath>")
 fmt.Println("Example: " + os.Args[0] + " document.txt")
}

func checkArgs() string {
 if len(os.Args) < 2 {
 printUsage()
 os.Exit(1)
 }
 return os.Args[1]
}

func main() {
 filename := checkArgs()

 // Get bytes from file
 data, err := ioutil.ReadFile(filename)
 if err != nil {
 log.Fatal(err)
 }

 // Hash the file and output results
 fmt.Printf("Md5: %x\n\n", md5.Sum(data))
 fmt.Printf("Sha1: %x\n\n", sha1.Sum(data))
 fmt.Printf("Sha256: %x\n\n", sha256.Sum256(data))
 fmt.Printf("Sha512: %x\n\n", sha512.Sum512(data))
}

Hashing large files

In the previous hashing example, the entire file to be hashed was loaded into memory before hashing. This is not practical or even possible when files reach a certain size. Physical memory limitations will come into play. Because the hashes are implemented as a block cipher, it will operate on one chunk at a time without the need to load the entire file in memory at once:

package main

import (
 "crypto/md5"
 "fmt"
 "io"
 "log"
 "os"
)

func printUsage() {
 fmt.Println("Usage: " + os.Args[0] + " <filename>")
 fmt.Println("Example: " + os.Args[0] + " diskimage.iso")
}

func checkArgs() string {
 if len(os.Args) < 2 {
 printUsage()
 os.Exit(1)
 }
 return os.Args[1]
}

func main() {
 filename := checkArgs()

 // Open file for reading
 file, err := os.Open(filename)
 if err != nil {
 log.Fatal(err)
 }
 defer file.Close()

 // Create new hasher, which is a writer interface
 hasher := md5.New()

 // Default buffer size for copying is 32*1024 or 32kb per copy
 // Use io.CopyBuffer() if you want to specify the buffer to use
 // It will write 32kb at a time to the digest/hash until EOF
 // The hasher implements a Write() function making it satisfy
 // the writer interface. The Write() function performs the digest
 // at the time the data is copied/written to it. It digests
 // and processes the hash one chunk at a time as it is received.
 _, err = io.Copy(hasher, file)
 if err != nil {
 log.Fatal(err)
 }

 // Now get the final sum or checksum.
 // We pass nil to the Sum() function because
 // we already copied the bytes via the Copy to the
 // writer interface and don't need to pass any new bytes
 checksum := hasher.Sum(nil)

 fmt.Printf("Md5 checksum: %x\n", checksum)
}

Storing passwords securely

Now that we know how to hash, we can talk about securely storing passwords. Hashing is an important factor when it comes to protecting passwords. Other important factors are salting, using a cryptographically strong hash function, and the optional use of hash-based message authentication code (HMAC), which all add an additional secret key into the hashing algorithm.

HMAC is an added layer that uses a secret key; so, even if an attacker got your database of hashed passwords with the salts, they would still have a difficult time cracking them without the secret key. The secret key should be stored in a separate location such as an environment variable rather than in the database with the hashed passwords and salts.

This example application has limited use as it is. Use it as a reference for your own applications

package main

import (
 "crypto/hmac"
 "crypto/rand"
 "crypto/sha256"
 "encoding/base64"
 "encoding/hex"
 "fmt"
 "io"
 "os"
)

func printUsage() {
 fmt.Println("Usage: " + os.Args[0] + " <password>")
 fmt.Println("Example: " + os.Args[0] + " Password1!")
}

func checkArgs() string {
 if len(os.Args) < 2 {
 printUsage()
 os.Exit(1)
 }
 return os.Args[1]
}

// secretKey should be unique, protected, private,
// and not hard-coded like this. Store in environment var
// or in a ...