This course teaches you all the prerequisites to understand which kinds of vulnerabilities can be found in Go code. You will learn how to find low-hanging-fruit bugs manually and automatically using different Go auditing tools. You will discover how to use existing coverage-guided Go fuzzing frameworks, triage and debug crashes, and improve your code coverage. Finally, you will discover how to build custom Go fuzzers and implement advanced fuzzing techniques to find in-depth bugs in popular Go packages.
Throughout the training, students will work through many hands-on exercises that allow them to internalize the concepts and techniques taught in class.
Participants will focus on learning Go code audit and vulnerability research. First, they will discover the internals of Go and which security mechanisms are enforced by default. Then, they will learn which vulnerabilities are the most common and how to find low-hanging-fruit bugs manually and automatically using different Go auditing tools. Finally, they will discover the more advanced types of vulnerabilities in Golang.
Participants will learn how to use existing coverage-guided Go fuzzing frameworks and how to triage and debug crashes. Then, they will improve their target's code coverage and fuzzing workflow. Finally, they will discover how to build custom Go fuzzers and implement advanced fuzzing techniques to find in-depth bugs in popular Go packages.
- Introduction to Golang and its Ecosystem
- Concurrency, Garbage collector, etc.
- Error handling, panics, nil pointer dereference
- Index out of bounds, Stack overflow, resource exhaustion (OOM)
- Advanced vulnerabilities
- Attack surface discovery & Auditing tools
- Introduction to Fuzzing
- go-fuzz / libfuzzer
Go Fuzz testing workflow and Corpus selection
- Code coverage, Corpus minimization
- Crashes Triaging and Debugging
Other Advanced Fuzz Testing techniques
- Differential Go Fuzzing
- Writing Custom Go Fuzzers
- Basic Linux skills
- Basic Go skills