Security with Go
eBook - ePub

Security with Go

John Daniel Leon

Partager le livre
  1. 340 pages
  2. English
  3. ePUB (adapté aux mobiles)
  4. Disponible sur iOS et Android
eBook - ePub

Security with Go

John Daniel Leon

DĂ©tails du livre
Aperçu du livre
Table des matiĂšres
Citations

À propos de ce livre

The first stop for your security needs when using Go, covering host, network, and cloud security for ethical hackers and defense against intrusionAbout This Book‱ First introduction to Security with Golang‱ Adopting a Blue Team/Red Team approach‱ Take advantage of speed and inherent safety of Golang‱ Works as an introduction to security for Golang developers‱ Works as a guide to Golang security packages for recent Golang beginnersWho This Book Is ForSecurity with Go is aimed at developers with basics in Go to the level that they can write their own scripts and small programs without difficulty. Readers should be familiar with security concepts, and familiarity with Python security applications and libraries is an advantage, but not a necessity. What You Will Learn‱ Learn the basic concepts and principles of secure programming‱ Write secure Golang programs and applications‱ Understand classic patterns of attack‱ Write Golang scripts to defend against network-level attacks‱ Learn how to use Golang security packages‱ Apply and explore cryptographic methods and packages‱ Learn the art of defending against brute force attacks‱ Secure web and cloud applicationsIn DetailGo is becoming more and more popular as a language for security experts. Its wide use in server and cloud environments, its speed and ease of use, and its evident capabilities for data analysis, have made it a prime choice for developers who need to think about security.Security with Go is the first Golang security book, and it is useful for both blue team and red team applications. With this book, you will learn how to write secure software, monitor your systems, secure your data, attack systems, and extract information.Defensive topics include cryptography, forensics, packet capturing, and building secure web applications.Offensive topics include brute force, port scanning, packet injection, web scraping, social engineering, and post exploitation techniques.Style and approachJohn Leon has divided the book into two parts which present the team playing defense against anyone breaking into servers and the team playing (ethical!) offense to perform said attacks. All Go scripts and programs are workable solutions that can be easily understood and expanded upon by anyone with a system administrator's level view of networking and cloud-based systems. Golang developers will profit from a swift and incisive approach to security.

Foire aux questions

Comment puis-je résilier mon abonnement ?
Il vous suffit de vous rendre dans la section compte dans paramĂštres et de cliquer sur « RĂ©silier l’abonnement ». C’est aussi simple que cela ! Une fois que vous aurez rĂ©siliĂ© votre abonnement, il restera actif pour le reste de la pĂ©riode pour laquelle vous avez payĂ©. DĂ©couvrez-en plus ici.
Puis-je / comment puis-je télécharger des livres ?
Pour le moment, tous nos livres en format ePub adaptĂ©s aux mobiles peuvent ĂȘtre tĂ©lĂ©chargĂ©s via l’application. La plupart de nos PDF sont Ă©galement disponibles en tĂ©lĂ©chargement et les autres seront tĂ©lĂ©chargeables trĂšs prochainement. DĂ©couvrez-en plus ici.
Quelle est la différence entre les formules tarifaires ?
Les deux abonnements vous donnent un accĂšs complet Ă  la bibliothĂšque et Ă  toutes les fonctionnalitĂ©s de Perlego. Les seules diffĂ©rences sont les tarifs ainsi que la pĂ©riode d’abonnement : avec l’abonnement annuel, vous Ă©conomiserez environ 30 % par rapport Ă  12 mois d’abonnement mensuel.
Qu’est-ce que Perlego ?
Nous sommes un service d’abonnement Ă  des ouvrages universitaires en ligne, oĂč vous pouvez accĂ©der Ă  toute une bibliothĂšque pour un prix infĂ©rieur Ă  celui d’un seul livre par mois. Avec plus d’un million de livres sur plus de 1 000 sujets, nous avons ce qu’il vous faut ! DĂ©couvrez-en plus ici.
Prenez-vous en charge la synthÚse vocale ?
Recherchez le symbole Écouter sur votre prochain livre pour voir si vous pouvez l’écouter. L’outil Écouter lit le texte Ă  haute voix pour vous, en surlignant le passage qui est en cours de lecture. Vous pouvez le mettre sur pause, l’accĂ©lĂ©rer ou le ralentir. DĂ©couvrez-en plus ici.
Est-ce que Security with Go est un PDF/ePUB en ligne ?
Oui, vous pouvez accĂ©der Ă  Security with Go par John Daniel Leon en format PDF et/ou ePUB ainsi qu’à d’autres livres populaires dans Ciencia de la computaciĂłn et Ciberseguridad. Nous disposons de plus d’un million d’ouvrages Ă  dĂ©couvrir dans notre catalogue.

Informations

Éditeur
Packt Publishing
Année
2018
ISBN
9781788622257
Édition
1
Sujet
Ciencia de la computaciĂłn
Sous-sujet
Ciberseguridad

Cryptography

Cryptography is the practice of securing communications even when a third-party can view those communications. There are two-way symmetric and asymmetric encryption methods, as well as one-way hashing algorithms.
Encryption is a critical part of the modern internet. With services such as LetsEncrypt.com, everyone has access to trusted SSL certificates. Our entire infrastructure relies on and trusts encryption to work to keep all our confidential data secret. It is important to properly encrypt and hash data correctly, and it is easy to misconfigure a service, leaving it vulnerable or exposed.
This chapter covers examples and use cases for the following:
  • Symmetric and asymmetric encryption
  • Signing and verifying messages
  • Hashing
  • Storing passwords securely
  • Generating secure random numbers
  • Creating and using TLS/SSL certificates

Hashing

Hashing is when a variable length message is transformed into a unique fixed-length alphanumeric string. There are various hashing algorithms available, such as MD5 and SHA1. Hashes are one-way and non-invertible, unlike symmetric encryption functions, such as AES, which can recover the original message if you have the key. Because hashes cannot be reversed, most of them are cracked by brute force. Crackers will build power-sucking rigs with several GPUs to hash every possible character combination until they find a hash that matches. They will also generate rainbow tables or files containing all of the hash outputs generated for quick lookup.
Salting your hashes is important for this reason. Salting is the process of adding a random string to the end of the password, provided by a user, to add more randomness or entropy. Consider an application that stores user login information and hashed passwords for authentication. If two users had the same password, then their hash output would be identical. Without salts, a cracker might find multiple people who use the same password and would only need to crack the hash one time. By adding a unique salt to each user's password, you ensure that each user has a unique hash value. Salting reduces the effectiveness of rainbow tables because, even if they knew the salt that goes with each hash, they would have to generate a rainbow able to each salt, which is time consuming.
Hashes are commonly used to validate passwords. Another common use is for file integrity. Large downloads often come with an MD5 or SHA1 hash of the file. After downloading you can hash the file to make sure that it matches the expected value. If it doesn't match, then the download was modified in some way. Hashing is also used as a way of recording indicators of compromise or IOCs. Files that are known to be malicious or dangerous are hashed, and that hash is stored in a catalog. These are often shared publicly so people can check suspicious files against known risks. It is much more efficient to store and compare a hash than the entire file.

Hashing small files

If a file is small enough to be contained in memory, the ReadFile() method works quickly. It loads the whole file into memory and then digests the data. The sum will be calculated with multiple different hash algorithms for demonstration:
package main

import (
 "crypto/md5"
 "crypto/sha1"
 "crypto/sha256"
 "crypto/sha512"
 "fmt"
 "io/ioutil"
 "log"
 "os"
)

func printUsage() {
 fmt.Println("Usage: " + os.Args[0] + " <filepath>")
 fmt.Println("Example: " + os.Args[0] + " document.txt")
}

func checkArgs() string {
 if len(os.Args) < 2 {
 printUsage()
 os.Exit(1)
 }
 return os.Args[1]
}

func main() {
 filename := checkArgs()

 // Get bytes from file
 data, err := ioutil.ReadFile(filename)
 if err != nil {
 log.Fatal(err)
 }

 // Hash the file and output results
 fmt.Printf("Md5: %x\n\n", md5.Sum(data))
 fmt.Printf("Sha1: %x\n\n", sha1.Sum(data))
 fmt.Printf("Sha256: %x\n\n", sha256.Sum256(data))
 fmt.Printf("Sha512: %x\n\n", sha512.Sum512(data))
}

Hashing large files

In the previous hashing example, the entire file to be hashed was loaded into memory before hashing. This is not practical or even possible when files reach a certain size. Physical memory limitations will come into play. Because the hashes are implemented as a block cipher, it will operate on one chunk at a time without the need to load the entire file in memory at once:
package main

import (
 "crypto/md5"
 "fmt"
 "io"
 "log"
 "os"
)

func printUsage() {
 fmt.Println("Usage: " + os.Args[0] + " <filename>")
 fmt.Println("Example: " + os.Args[0] + " diskimage.iso")
}

func checkArgs() string {
 if len(os.Args) < 2 {
 printUsage()
 os.Exit(1)
 }
 return os.Args[1]
}

func main() {
 filename := checkArgs()

 // Open file for reading
 file, err := os.Open(filename)
 if err != nil {
 log.Fatal(err)
 }
 defer file.Close()

 // Create new hasher, which is a writer interface
 hasher := md5.New()

 // Default buffer size for copying is 32*1024 or 32kb per copy
 // Use io.CopyBuffer() if you want to specify the buffer to use
 // It will write 32kb at a time to the digest/hash until EOF
 // The hasher implements a Write() function making it satisfy
 // the writer interface. The Write() function performs the digest
 // at the time the data is copied/written to it. It digests
 // and processes the hash one chunk at a time as it is received.
 _, err = io.Copy(hasher, file)
 if err != nil {
 log.Fatal(err)
 }

 // Now get the final sum or checksum.
 // We pass nil to the Sum() function because
 // we already copied the bytes via the Copy to the
 // writer interface and don't need to pass any new bytes
 checksum := hasher.Sum(nil)

 fmt.Printf("Md5 checksum: %x\n", checksum)
}

Storing passwords securely

Now that we know how to hash, we can talk about securely storing passwords. Hashing is an important factor when it comes to protecting passwords. Other important factors are salting, using a cryptographically strong hash function, and the optional use of hash-based message authentication code (HMAC), which all add an additional secret key into the hashing algorithm.
HMAC is an added layer that uses a secret key; so, even if an attacker got your database of hashed passwords with the salts, they would still have a difficult time cracking them without the secret key. The secret key should be stored in a separate location such as an environment variable rather than in the database with the hashed passwords and salts.
This example application has limited use as it is. Use it as a reference for your own applications
package main

import (
 "crypto/hmac"
 "crypto/rand"
 "crypto/sha256"
 "encoding/base64"
 "encoding/hex"
 "fmt"
 "io"
 "os"
)

func printUsage() {
 fmt.Println("Usage: " + os.Args[0] + " <password>")
 fmt.Println("Example: " + os.Args[0] + " Password1!")
}

func checkArgs() string {
 if len(os.Args) < 2 {
 printUsage()
 os.Exit(1)
 }
 return os.Args[1]
}

// secretKey should be unique, protected, private,
// and not hard-coded like this. Store in environment var
// or in a ...

Table des matiĂšres