.d-none.d-md-block.col-md.col-12.gbi-891754768-pk9YESkyDa56pP3829ZRJA:before { opacity: 1; background-image: url('/static/a01eaa9ef5cc1f6853b3be39ca75ccb6/2f1b1/typing-code.jpg'); }

Golang Security and Fuzzing

Learn how to find bugs in Golang, build custom fuzzers, triage/debug crashes and improve code coverage.

Training starting at

$1,800.00

with one of our subscriptions

Language

English

This course teaches you all the prerequisites to understand which kind of vulnerability can be found inside Go code. You will learn how to find low-hanging fruits bugs manually and automatically using different Go auditing tools. You will discover how to use existing Go fuzzing coverage-guided frameworks, triage/debug crashes, and improve your code coverage. Finally, you will discover how to build custom Go fuzzers and implement advanced fuzzing techniques to find in-depth bugs on popular Go packages.

Along with this training, students will deal with a lot of hands-on exercises allowing them to internalize concepts and techniques taught in class.

Day 1 - Go Audit and Code Review

Participants will focus on learning Go code audit and vulnerability research. First, they will discover the internal of Go and which security mechanisms are enforced by default. Then, they will learn which vulnerabilities are the most common and how to find low-hanging fruits bugs manually and automatically using different Go auditing tools. Finally, they will discover what are the more advanced types of vulnerabilities in Golang.

Day 2 - Go Fuzzing and Crash Analysis

Participants will learn how to use existing Go fuzzing coverage-guided frameworks and how to triage/debug crashes. Then, they will improve their target's code coverage and fuzzing workflow. Finally, they will discover how to build custom Go fuzzers and implement advanced fuzzing techniques to find in-depth bugs on popular Go packages.

Topics Covered during this Course

Introduction to Golang and its Ecosystem
Security concepts
- Concurrency, Garbage collector, etc.
Golang vulnerabilities
- Error handling, panics, nil pointer dereference
- Index out of bound, Stack overflow, resource exhaustion (OOM)
- Advanced vulnerabilities
Attack surface discovery & Auditing tools
Introduction to Fuzzing
Coverage-guided Fuzzing
- go-fuzz / libfuzzer
Go Fuzz testing workflow and Corpus selection
- Code coverage, Corpus minimization
Crashes Triaging and Debugging
Other Advanced Fuzz Testing techniques
- Differential Go Fuzzing
- Writing Custom Go Fuzzers

Class Requirements

Basic Linux skills
Basic Go skills

Training by Patrick Ventuzelo

Patrick is a security researcher focused on fuzzing, reverse engineering and vulnerability research targeting WebAssembly and Rust security.

Can't attend? All of our trainings are also available as a private classes for your company.

Access all of our classes and profesionally edited recordings.

All-Access Subscription - Trainings. Solved.

All of our courses are also available as private trainings.

Private Training Quote

Courses are offered multiple times in different timezones.

Notify Me