🔷

Go for AppSec Engineers

Study how security bugs appear in Go applications through exploitation, code review snippets, and CVE patch analysis across injection, path traversal, authentication, and more.
63 exercises
4 chapters
Unlock PRO Access ← All Tracks
Chapter 1
Injection
Start with injection vulnerabilities in Go: SQL injection through unsafe database/sql usage, LDAP injection, XPath injection, and delimiter-based attacks in Go string handling.
1
Golang Snippet #01 Pro
Code Review · Directory Traversal
2
Golang Snippet #02 Pro
Code Review · Missing Field Delimiter
3
Golang Snippet #03 Pro
Code Review · Delimiter Injection
4
Golang Code Review #09 Pro
Code Review · XPath Injection
5
Golang Code Review #03 Pro
Code Review · XML External Entity
6
Code Review 09 Pro
Code Review · SQL Injection
7
CVE-2019-379X Pro
Code Review · SQL Injection
8
CVE-2019-X03X Pro
Code Review · SQL Injection
9
CVE-2022-37X1 Pro
Code Review · SQL Injection
10
CVE-2022-2X8XX Pro
Code Review · SQL Injection
11
CVE-2024-X5X87 Pro
Code Review · SQL Injection
12
CVE-2024-X3X06 Pro
Code Review · SQL Injection
13
CVE-2025-5X3X9 Pro
Code Review · SQL Injection
14
CVE-2021-4xx50 Pro
Code Review · LDAP Injection
15
CVE-2022-XX975 Pro
Code Review · LDAP Injection
Chapter 2
Paths, Redirects & Server-Side Requests
Exploit HTTPoxy and go get RCE, then review directory traversal, open redirect, SSRF, and filter bypass patterns in Go code and real CVE patches.
16
CVE-2016-5386: HTTPoxy/Golang HTTProxy namespace conflict Pro
Exploitation
17
CVE-2018-6574: go get RCE Pro
Exploitation
18
Gogs RCE Pro
Exploitation
19
Gogs RCE II Pro
Exploitation
20
CVE-2022-0415 Pro
Exploitation
21
Golang Snippet #07 Pro
Code Review · Directory Traversal
22
Golang Snippet #10 Pro
Code Review · Directory Traversal
23
Golang Snippet #11 Pro
Code Review · Directory Traversal
24
Golang Code Review #02 Pro
Code Review · Directory Traversal
25
Golang Code Review #10 Pro
Code Review · Directory Traversal
26
Code Review 10 Pro
Code Review · Directory Traversal
27
Code Review 07 Pro
Code Review · Directory Traversal
28
CVE-2021-4379x Pro
Code Review · Directory Traversal
29
CVE-2017-1XX74 Pro
Code Review · Directory Traversal
30
CVE-2025-X215X Pro
Code Review · Directory Traversal
31
Golang Code Review #01 Pro
Code Review · Open Redirect
32
Golang Code Review #05 Pro
Code Review · Open Redirect
33
Golang Code Review #04 Pro
Code Review · Server-Side Request Forgery
34
CVE-2022-X87X Pro
Code Review · Server-Side Request Forgery
35
CVE-2025-XX95X Pro
Code Review · Server-Side Request Forgery
36
Code Review 06 Pro
Code Review · Filter Bypass
37
Golang Snippet #08 Pro
Code Review · Filter Bypass
38
Golang Code Review #08 Pro
Code Review · Filter Bypass
39
CVE-2023-X5821 Pro
Code Review · Filter Bypass
40
CVE-2024-2791X Pro
Code Review · Filter Bypass
41
CVE-2024-x730x Pro
Code Review · Filter Bypass
Recommended: Complete Chapter 1 first
Chapter 3
Auth, Secrets & Crypto
Review authentication flaws, hardcoded secrets, signing oracles, timing attacks, weak randomness, and captcha bypass patterns in Go applications.
42
Golang Snippet #05 Pro
Code Review · Broken Authentication
43
Golang Snippet #04 Pro
Code Review · Broken Authentication
44
Golang Snippet #06 Pro
Code Review · Signing Oracle
45
Golang Code Review #06 Pro
Code Review · Length Extension
46
Golang Snippet #09 Pro
Code Review · Non Constant in Time Comparison
47
CVE-2025-X93X0 Pro
Code Review · Non Constant in Time Comparison
48
Golang Snippet #12 Pro
Code Review · Lack of Randomness
49
CVE-2021-X5X8 Pro
Code Review · Lack of Randomness
50
CVE-2025-5XX2X Pro
Code Review · Improper Authentication
51
CVE-202X-15X7 Pro
Code Review · Captcha Bypass
52
CVE-2025-3X5X Pro
Code Review · Signature Bypass
53
CVE-2023-XX463 Pro
Code Review · Hardcoded Secret
54
CVE-2023-2758X Pro
Code Review · Hardcoded Secret
55
CVE-2023-51XX2 Pro
Code Review · Hardcoded Secret
56
CVE-2024-6X3X Pro
Code Review · Hardcoded Secret
Recommended: Complete Chapters 1 & 2 first
Chapter 4
XSS, Info Leaks & Miscellaneous
Finish with cross-site scripting in Go templates, CORS bypasses, denial of service, information leaks, host header injection, and insecure transport patterns.
57
Code Review 08 Pro
Code Review · Host Header Injection
58
Golang Code Review #07 Pro
Code Review · Cross-Site-Scripting
59
CVE-2024-X90X6 Pro
Code Review · CORS Bypass
60
CVE-2023-28XX9 Pro
Code Review · Denial of Service
61
CVE-2025-4913X Pro
Code Review · Environment Variable Leaks
62
CVE-2025-6XX4 Pro
Code Review · Information Leak
63
CVE-2023-3219X Pro
Code Review · Insecure Data Transport
Recommended: Complete all previous chapters

Get Full Access to This Track

Unlock every exercise across all chapters with PRO.

Unlock PRO Access