How You can be Coding Securely in Go

For the third year in a row, Go has made the top 5 most loved programming languages and ranks number three in terms of “most wanted” programming language in Stack Overflow’s 2017 developer survey.


Go developers are also among the top 5 highest paid, according to tens of thousands of respondents to the same survey. Adding secure coding knowledge to the ability to develop in Go can lead to an even larger annual salary, as security-aware developers tend to earn more. Read on to learn about the secure coding resource that Checkmarx built to help developers across all verticals code securely in Go.

The number of enterprises and developers using Go continues to grow. Of the hundreds of companies using Go for their projects, a few names stand out. Besides Google, the company behind Go’s creation, Adobe, Docker, Getty Images, Pinterest, SpaceX, Yahoo and others use Go to power various projects.


A full list of the organizations using Go and their use cases, broken down by geography, can be found on GitHub.


Go boasts a wide range of features that attract organizations, which continually choose it for major projects. Go was Docker’s language of choice because of benefits such as static compilation with no dependencies, a strong standard library, a full development environment, the ability to build for multiple architectures with minimal hassle and more.



Secure Coding in Go

With its growing surge in popularity, it’s critical that applications developed in Go are designed with security in mind. In our Go Secure Coding Guide we will guide you through secure Go development best practices and more.


In the first quarter of 2017, Checkmarx’s Application Security Research team worked hard to produce a secure coding guide, the Go Language – Web Application Secure Coding Practices, that is hosted here on the Checkmarx website as a downloadable whitepaper as well as on GitHub as a “living document” which can be edited and refreshed by the open source community.

Read our whitepaper to learn:

  • How to avoid common mistakes by taking advantage of one of the Go frameworks
  • Ways to audit any Go libraries for security: as Go is a recent programming language, there is a lot of bad code and bad practice out there
  • Why you should keep the Race Detector enabled while developing: this keeps race conditions from being detected only in production
  • Memory Management: although Go slices are analogous to arrays in other languages, they have unusual properties which developers should be aware of to use them the right way, improving memory management and avoiding data corruption
  • TLS implementation: simple, secure out of the box, no compression, no fallback
  • Panic, Recover, Defer: to recover from errors and perform the instructions required to resume normal execution seamlessly
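
The memory-management point above, shown as an added example (it is not taken from the whitepaper or written by Checkmarx). The page does not say which slice properties it means, so this assumes the shared backing array: appending to a sub-slice can silently overwrite the buffer it was cut from. The record contents and function names are constructed for illustration.

```go
package main

import "fmt"

// headerShared returns buf[:n]. The result shares buf's backing array and
// inherits its spare capacity, so a later append can write into buf.
func headerShared(buf []byte, n int) []byte { return buf[:n] }

// headerCapped uses a full slice expression (low:high:max) so cap == len;
// the first append is forced to allocate a new array.
func headerCapped(buf []byte, n int) []byte { return buf[:n:n] }

// headerCopied returns an independent copy of the first n bytes.
func headerCopied(buf []byte, n int) []byte {
	out := make([]byte, n)
	copy(out, buf[:n])
	return out
}

// appendAndInspect takes the header of a constructed sample record, appends
// suffix to it, and returns the header and the original record afterwards.
func appendAndInspect(split func([]byte, int) []byte, suffix string) (string, string) {
	record := []byte("key=alpha|val=bravo") // constructed sample data
	h := split(record, len("key=alpha"))
	h = append(h, suffix...)
	return string(h), string(record)
}

func main() {
	for _, c := range []struct {
		name  string
		split func([]byte, int) []byte
	}{
		{"shared", headerShared},
		{"capped", headerCapped},
		{"copied", headerCopied},
	} {
		h, rec := appendAndInspect(c.split, "|val=XXXXX")
		fmt.Printf("%-7s header=%q record=%q\n", c.name, h, rec)
	}
}
```

Only the `shared` variant changes the original record; the capped and copied variants leave it intact because the append lands in a separate array.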

This guide was written for anyone who is developing in the Go programming language and is intended to provide a framework to help those developers avoid the mistakes that could result in vulnerabilities being shipped along with their code.


Read our full whitepaper here.