When beginning to utilize any new programming language, a frequent obstacle developers face is the sheer lack of secure coding education and training about common pitfalls and coding errors during the language-learning process. The subject of security is often neglected by many articles pertaining to a new language, or security discussions are very scattered throughout the many posts found online.
One language in particular that has quickly become a rising star in today’s developer community is Go, an open source language developed by Google. In fact, a recent report from Stack Overflow found that Go is now the 5th most popular language amongst developers – a quick rise for a relatively new community entrant. However, like any language, Go isn’t without its security pitfalls, requiring industry awareness to be spread in order to help its users code more securely.
Recognizing the lack of security advice and guidance surrounding Go, based on our team’s dedication to improving software security in part by spreading awareness, and to celebrate the recent launch of Checkmarx CxSAST version 9.2, which includes major Golang support enhancements (more on that below), we’ve declared this entire week as ‘Checkmarx Golang Week’!
To kick this off, today we published our newest eBook, A Quick Intro to Go Language Security, providing a collection of best practices that developers should adhere to if they want to create more secure applications using Go. Looking for an even deeper dive? Within our Quick Intro eBook, you’ll find a link to an extensive, 86-page, first-of-its-kind document for Go language security that was initiated by the Checkmarx Security Research Team and built out as an open source project with help from the broader software developer and AppSec community.
Curious what else we have in store this week? Here’s a sneak preview…
Tuesday, we’ll be hearing from David Cohen, Software Engineer at Checkmarx, who will discuss why he thinks the Go language is the cream of the crop due to its simplicity and efficiency. After using Go yourself, especially if you follow the tips we’ve laid out in our guide, we’re confident you’ll feel the same as David!
Wednesday, we’ll be hearing from Paulo Silva, Checkmarx Security Researcher. Paulo will disclose newly discovered security issues in Go and explain how to avoid them when using the language. It’s a must-read for all Golang aficionados.
Thursday, we’ll be hearing from three Checkmarx software developers – Daniel Novais, Samuel Ferreira, and Jose Pereira – in an extensive Q&A with topics ranging from their favorite programming languages, to best practices they employ for writing more secure code, and what the future of coding holds. We hope you enjoy reading it as much as we enjoyed speaking with them!
Well, that’s quite a bit of information pertaining to the Go language! We hope you enjoy all we have in store this week.
Don’t forget to download the brand spankin’ new Go Language Guide – Web Application Secure Coding Practices and check out all that CxSAST version 9.2 has to offer. Highlights include:
- Namespace-level DOM
- Project Configuration File
- Multiple (Returns and Assignments)
- Named Parameter Structs
By constantly scanning and analyzing various internal code projects, Checkmarx has successfully achieved increased Go language accuracy and support resulting in:
- Improvements of existing language queries
- Additional new queries available
- Reduced scan times by an average of 50%
Get ready, get set, GO!