Live Code: Go(lang) Application Security - XSS and CSRF

In this live-code session, Ganga Sumanth from AppSecEngineer discusses a set of common security flaws in GoLang apps: Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS). Watch him build out an application in Go and showcase real-world exploits in a lab environment. He'll also highlight the top defensive strategies you can use against these exploits. #appsecengineer #xss #csrf For more challenges and related courses dive into our training library @ https://www.appsecengineer.com/main-menu-pages/course-catalog Follow us on Twitter @https://twitter.com/AppSecEngineer Follow us on LinkedIn @https://www.linkedin.com/company/appsecengineer/ Chapters: 0:00- Countdown timer to Live code 1:00- Intro to the session content 3:40- Go (lang) application security- XSS and CSRF 4:33- What is XSS ? 5:36- What is Same Origin Policy? 7:15- How does XSS happens? 8:55- Types of XSS 14:12- Impact of XSS 16:10- Defense against XSS 18:40- Code lab session with Go code 30:05- What is CSRF? 31:00- How does CSRF happens? 32:10- Impact of CSRF 32:50- Defense against CSRF 35:33- Code lab session with Echo framework in Go (lang) 47:20- End notes and session summary