• This repository has been archived on 02/Nov/2023
  • Stars
    star
    206
  • Rank 190,504 (Top 4 %)
  • Language
    Go
  • License
    Other
  • Created about 6 years ago
  • Updated about 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Sqreen's Application Security Management for the Go language

Sqreen for Go

Sqreen's Application Security Management for Go

After performance monitoring (APM), error and log monitoring it’s time to add a security component into your app. Sqreen’s microagent automatically monitors sensitive app’s routines, blocks attacks and reports actionable infos to your dashboard.

Sqreen for Go

Sqreen provides automatic defense against attacks:

  • Protect with security modules: RASP (Runtime Application Self-Protection), in-app WAF (Web Application Firewall), Account takeovers and more.

  • Sqreen’s modules adapt to your application stack with no need of configuration.

  • Prevent attacks from the OWASP Top 10 (Injections, XSS and more), 0-days, data Leaks, and more.

  • Create security automation playbooks that automatically react against your advanced business-logic threats.

For more details, visit sqreen.com

Quick start

  1. Use the middleware function for the Go web framework you use:

    If your framework is not listed, it is usually possible to use instead the standard net/http middleware. If not, please, let us know by creating an issue.

  2. Compile your program with Sqreen

    Sqreen's dynamic configuration of your protection is made possible thanks to Go instrumentation. It is safely performed at compilation time by the following instrumentation tool.

    Install the following instrumentation tool and compile your program using it in order to enable Sqreen.

    1. Use go install to compile the instrumentation tool:

      $ go install github.com/sqreen/go-agent/sdk/sqreen-instrumentation-tool

      By default, the resulting sqreen-instrumentation-tool tool is installed in the bin directory of the GOPATH. You can find it using go env GOPATH.

    2. Configure the Go toolchain to use it:

      Use the instrumentation tool using the go options -a -toolexec /path/to/sqreen-instrumentation-tool.

      It can be done either in your Go compilation command lines or by setting the GOFLAGS environment variable.

      For example, the following two commands are equivalent:

      $ go build -a -toolexec $(go env GOPATH)/bin/sqreen-instrumentation-tool my-project
      $ env GOFLAGS="-a -toolexec $(go env GOPATH)/bin/sqreen-instrumentation-tool" go build my-project
  3. Signup to Sqreen to get your app credentials:

    app_name: Your Go app name
    token: your token

    This file can be stored in your current working directory when starting the executable, the same directory as your app's executable file, or in any other path by defining the configuration file location into the environment variable SQREEN_CONFIG_FILE.

Congratulations, your Go web application is now protected by Sqreen!

Sqreen for Go

Advanced integration

Optionally, use the SDK to perform user monitoring or custom security events you would like to track and possibly block.

More Repositories

1

awesome-nodejs-projects

Curated list of awesome open-source applications made with Node.js
5,418
star
2

CTOSecurityChecklist

The SaaS CTO Security Checklist
JavaScript
728
star
3

PyMiniRacer

PyMiniRacer is a V8 bridge in Python.
Python
717
star
4

vue-authentication-example

This repo aims to answer how to handle authentication in your vue app.
JavaScript
490
star
5

twofa

A TouchID-aware 2-factor authenticator for macOS
Swift
147
star
6

DevOpsSecurityChecklist

HTML
82
star
7

DevelopersSecurityBestPractices

CSS
72
star
8

security-page

An open source security page to easily implement on any website 🔥
JavaScript
66
star
9

funAPM

JavaScript
47
star
10

tor-test

Nodejs tool to check if a request comes from Tor
JavaScript
44
star
11

SPAudit

JavaScript
39
star
12

AioContext

Context information storage for asyncio
Python
38
star
13

VueXSSDemo

Example of XSS performed with Vue and few Vue UI libraries
JavaScript
20
star
14

go-dvwa

Go Damn Vulnerable Web App
CSS
20
star
15

rb-security-txt

Tools about security.txt for Ruby
Ruby
18
star
16

sqreen-demo-app

Demo app to understand how sqreen can protect your business
JavaScript
12
star
17

article-serverless-auth-example

JavaScript
9
star
18

VulnerableDemo

Vulnerable demo website
Ruby
4
star
19

python-security-signal-sdk

Sqreen Security Signal SDK for Python
Python
3
star
20

devise_sqreener

Get more information about devise users through sqreen enrich
Ruby
3
star
21

devise_sqreener_tutorial

A tutorial for helping filter potentially malicious users from signing up for your Rails app.
Ruby
2
star
22

sqreen-monitoring-wordpress

Automatically monitor Wordpress with Sqreen PHP agent
PHP
2
star
23

azure-pipelines-golang

Golang container for Azure Pipeline
Dockerfile
2
star
24

go-libsqreen

Go bindings for the Sqreen C/C++ library
Go
2
star
25

ruby-agent

Sqreen agent for Ruby
2
star
26

libsqreen-binaries-public

Temporary repository to host built versions of libsqreen until it is fully open-sourced
C
2
star
27

BusinessLogicAttacksPOC

Prevent business logic attacks using dynamic instrumentation - OWASP AppSec US 2018
Ruby
2
star
28

libinjection-build-python

Build wheel for libinjection in Python
Shell
1
star
29

NextcloudSDK

Add Sqreen SDK in nextcloud
Makefile
1
star
30

nashorn

Nashorn for JDK15+
Java
1
star
31

node-v8-monolith

Node.js fork with scripts for building libv8_monolith.a
JavaScript
1
star
32

node_engine_bench

HTML
1
star
33

WASMBench

JavaScript
1
star
34

JavaStandaloneSDK

Sqreen Java SDK with no Agent dependency
Java
1
star
35

railsblog

A vulnerable rails 4 blog
Ruby
1
star
36

azure-pipelines-container-alpine-python

Python on Alpine Linux for Azure Pipelines
Dockerfile
1
star