How You can be Coding Securely in Go

Apr 06, 2017 By Paul Curran

For the third year in a row, Go has made the top 5 most loved programming languages and ranks number three in terms of “most wanted” programming language in Stack Overflow’s 2017 developer survey.


Go developers are also among the top 5 highest paid, according to tens of thousands of respondents to the same survey. Adding secure coding knowledge to the ability to develop in Go can lead to an even larger annual salary, as security-aware developers tend to earn more. Read on to learn about the secure coding resource that Checkmarx built to help developers across all verticals code securely in Go.

The number of enterprises and developers using Go continues to grow. Of the hundreds of companies using Go for their projects, a few names stand out. Aside from Google, the company behind Go’s creation, Adobe, Docker, Getty Images, Pinterest, SpaceX, Yahoo and others use Go to power various projects.


A full list of the organizations using Go and their use cases, broken down by geography, can be found on GitHub.


Go boasts a wide range of features that attract the companies and organizations who continually choose it for major projects. Go was Docker’s language of choice because of benefits such as static compilation with no dependencies, a strong standard library, a full development environment, the ability to build for multiple architectures with minimal hassle and more.



Secure Coding in Go

With its growing surge in popularity, it’s critical that applications developed in Go are designed with security in mind. In our Go Secure Coding Guide we will guide you through secure Go development best practices and more.


In the first quarter of 2017, Checkmarx’s Application Security Research team worked hard to produce a secure coding guide, the Go Language – Web Application Secure Coding Practices, that is hosted here on the Checkmarx website as a downloadable whitepaper as well as on GitHub as a “living document” which can be edited and refreshed by the open source community.

Read our whitepaper to learn:

  • How to avoid common mistakes by taking advantage of one of the Go frameworks
  • Ways to audit any Go libraries for security: as Go is a recent programming language, there is a lot of bad code and bad practice out there
  • Why you should keep the Race Detector enabled while developing: this prevents race conditions from being detected only in production
  • Memory Management: although Go slices are analogous to arrays in other languages, they have unusual properties which developers should be aware of in order to use them the right way, improving memory management and avoiding data corruption
  • TLS implementation: simple, secure out of the box, no compression, no fallback
  • Panic, Recover, Defer: how to recover from an error and perform the required instructions to resume normal execution seamlessly

This guide was written for anyone who is developing in the Go Programming language and is intended to provide a framework to help those developers avoid the mistakes which could result in vulnerabilities being shipped along with their code.


Read our full whitepaper here.

Paul Curran

Content Specialist at Checkmarx
With a background in mobile applications, Paul brings a passion for creativity reporting on application security trends, news and security issues facing developers, organizations and end users to Checkmarx's content.
