Let's Encrypt is "a free, automated, and open Certificate Authority." They provide free signed certificates as a trusted certificate authority. This tutorial walks through the process of installing certbot, requesting new certificates, and renewing existing ones with Let's Encrypt. If you are just looking to generate your own quick self-signed certificates, check out my tutorial on creating self-signed SSL certificates with OpenSSL.
This tutorial will walk through the process of creating your own self-signed certificate. You can use this to secure network communication using the SSL/TLS protocol. For example, to run an HTTPS server. If you don't need self-signed certificates and want trusted signed certificates, check out my LetsEncrypt SSL Tutorial for a walkthrough of how to get free signed certificates.
Check out Security with Go, a book I recently wrote, available from Packt Publishing. It covers secure development, red team and blue team topics and is useful for developers and infosec professionals like analysts, investigators, engineers, and pentesters. It's a great book if you want to get to know Go better or if you want to start using Go for security.
The gopacket package provides a Go wrapper for libpcap, which is written in C. It is more than just a simple wrapper though. It provides additional functionality and takes advantage of Go features like interfaces, which makes it incredibly powerful.
libpcap allows us to capture or send packets from a live network device or a file. This tutorial and code examples will walk you through using libpcap to find network devices, get information about devices, process packets in real time or offline, send packets, and even listen to wireless traffic.
Without proper care, developers can leave their CakePHP website open to cross-site scripting attacks. Controllers using scaffold functions do not sanitize data, which leaves the website vulnerable. The bake tool in the console generates controllers as simple as the scaffold version. Some suggest storing the unsanitized data and escaping the dangerous characters on output. In a perfect world I would agree with this approach, but it is easy to forget to sanitize output every time, or for an amateur developer to be ignorant of the dangers.
CakePHP is one of my favorite web frameworks. There is one glaring security hole that caught my attention though. Without proper care from the developer, users have the potential to tamper with data sent with forms. For example, a common operation is to take the value from a form and save it like this:
Let's say the user manipulates the form and adds this line: