Security with Go : Explore the power of Golang to secure host, web, and cloud services.
Since Go has become enormously popular, Go's obvious advantages, like stability, speed and simplicity, make it a first-class choice to develop security-oriented scripts and applications. Security with Go is a classical title for security developers, with its emphasis on Go. Based on John Leon...
Classification: | Electronic Book |
---|---|
Main author: | |
Format: | Electronic eBook |
Language: | English |
Published: | Birmingham : Packt Publishing, 2018. |
Subjects: | |
Online access: | Full text |
Table of Contents:
- Cover
- Copyright and Credits
- Packt Upsell
- Contributors
- Table of Contents
- Preface
- Chapter 1: Introduction to Security with Go
- About Go
- Go language design
- The History of Go
- Adoption and community
- Common criticisms about Go
- The Go toolchain
- Go mascot
- Learning Go
- Why use Go?
- Why use Go for security?
- Why not use Python?
- Why not use Java?
- Why not use C++?
- Development environment
- Installing Go on other platforms
- Other Linux distributions
- Windows
- Mac
- Setting up Go
- Creating your workspace
- Setting up environment variables
- Editors
- Creating your first package
- Writing your first program
- Running the executable file
- Building the executable file
- Installing the executable file
- Formatting with go fmt
- Running Go examples
- Building a single Go file
- Running a single Go file
- Building multiple Go files
- Building a folder (package)
- Installing a program for use
- Summary
- Chapter 2: The Go Programming Language
- Go language specification
- The Go playground
- A tour of Go
- Keywords
- Notes about source code
- Comments
- Types
- Boolean
- Numeric
- Generic numbers
- Specific numbers
- Unsigned integers
- Signed integers
- Floating point numbers
- Other numeric types
- String
- Array
- Slice
- Struct
- Pointer
- Function
- Interface
- Map
- Channel
- Control structures
- if
- for
- range
- switch, case, fallthrough, and default
- goto
- Defer
- Packages
- Classes
- Inheritance
- Polymorphism
- Constructors
- Methods
- Operator overloading
- Goroutines
- Getting help and documentation
- Online Go documentation
- Offline Go documentation
- Summary
- Chapter 3: Working with Files
- File basics
- Creating an empty file
- Truncating a file
- Getting the file info
- Renaming a file
- Deleting a file
- Opening and closing files
- Checking whether a file exists
- Checking read and write permissions
- Changing permissions, ownership, and timestamps
- Hard links and symlinks
- Reading and writing
- Copying a file
- Seeking positions in a file
- Writing bytes to a file
- Quickly writing to a file
- Buffered writer
- Reading up to n bytes from a file
- Reading exactly n bytes
- Reading at least n bytes
- Reading all bytes of a file
- Quickly reading whole files to memory
- Buffered reader
- Reading with a scanner
- Archives
- Archive (ZIP) files
- Extracting (unzip) archived files
- Compression
- Compressing a file
- Uncompressing a File
- Creating temporary files and directories
- Downloading a file over HTTP
- Summary
- Chapter 4: Forensics
- Files
- Getting file information
- Finding the largest files
- Finding recently modified files
- Reading the boot sector
- Steganography
- Generating an image with random noise
- Creating a ZIP archive
- Creating a steganographic image archive
- Detecting a ZIP archive in a JPEG image
- Network
- Looking up a hostname from an IP address
- Looking up IP addresses from a hostname
- Looking up MX records
- Looking up nameservers for a hostname
- Summary
- Chapter 5: Packet Capturing and Injection
- Prerequisites
- Installing libpcap and Git
- Installing libpcap on Ubuntu
- Installing libpcap on Windows
- Installing libpcap on macOS
- Installing gopacket
- Permission problems
- Getting a list of network devices
- Capturing packets
- Capturing with filters
- Saving to the pcap file
- Reading from a pcap file
- Decoding packet layers
- Creating a custom layer
- Converting bytes to and from packets
- Creating and sending packets
- Decoding packets faster
- Summary
- Chapter 6: Cryptography
- Hashing
- Hashing small files
- Hashing large files
- Storing passwords securely
- Encryption
- Cryptographically secure pseudo-random number generator (CSPRNG)
- Symmetric encryption
- AES
- Asymmetric encryption
- Generating a public and private key pair
- Digitally signing a message
- Verifying a signature
- TLS
- Generating a self-signed certificate
- Creating a certificate signing request
- Signing a certificate request
- TLS server
- TLS client
- Other encryption packages
- OpenPGP
- Off The Record (OTR) messaging
- Summary
- Chapter 7: Secure Shell (SSH)
- Using the Go SSH client
- Authentication methods
- Authenticating with a password
- Authenticating with private key
- Verifying remote host
- Executing a command over SSH
- Starting an interactive shell
- Summary
- Chapter 8: Brute Force
- Brute forcing HTTP basic authentication
- Brute forcing the HTML login form
- Brute forcing SSH
- Brute forcing database login
- Summary
- Chapter 9: Web Applications
- HTTP server
- Simple HTTP servers
- HTTP basic auth
- Using HTTPS
- Creating secure cookies
- HTML escaping output
- Middleware with Negroni
- Logging requests
- Adding secure HTTP headers
- Serving static files
- Other best practices
- CSRF tokens
- Preventing user enumeration and abuse
- Registration
- Login
- Resetting the password
- User profiles
- Preventing LFI and RFI abuse
- Contaminated files
- HTTP client
- The basic HTTP request
- Using the client SSL certificate
- Using a proxy
- Using system proxy
- Using a specific HTTP proxy
- Using a SOCKS5 proxy (Tor)
- Summary
- Chapter 10: Web Scraping
- Web scraping fundamentals
- Finding strings in HTTP responses with the strings package
- Using regular expressions to find email addresses in a page
- Extracting HTTP headers from an HTTP response
- Setting cookies with an HTTP client
- Finding HTML comments in a web page
- Finding unlisted files on a web server
- Changing the user agent of a request
- Fingerprinting web application technology stacks
- Fingerprinting based on HTTP response headers
- Fingerprinting web applications
- How to prevent fingerprinting of your applications
- Using the goquery package for web scraping
- Listing all hyperlinks in a page
- Finding documents in a web page
- Listing page title and headings
- Crawling pages on the site that store the most common words
- Printing a list of external JavaScript files in a page
- Depth-first crawling
- Breadth-first crawling
- How to protect against web scraping
- Summary
- Chapter 11: Host Discovery and Enumeration
- TCP and UDP sockets
- Creating a server
- Creating a client
- Port scanning
- Grabbing a banner from a service
- Creating a TCP proxy
- Finding named hosts on a network
- Fuzzing a network service
- Summary
- Chapter 12: Social Engineering
- Gathering intel via JSON REST API
- Sending phishing emails with SMTP
- Generating QR codes
- Base64 encoding data
- Honeypots
- TCP honeypot
- The TCP testing tool
- HTTP POST form login honeypot
- HTTP form field honeypots
- Sandboxing
- Summary
- Chapter 13: Post Exploitation
- Cross compiling
- Creating bind shells
- Creating reverse bind shells
- Creating web shells
- Finding writable files
- Changing file timestamp
- Changing file permissions
- Changing file ownership
- Summary
- Chapter 14: Conclusions
- Recapping the topics you have learned
- More thoughts on the usage of Go
- What I hope you take away from the book
- Be aware of legal, ethical, and technical boundaries
- Where to go from here
- Getting help and learning more
- Another Book You May Enjoy
- Leave a review - let other readers know what you think
- Index