Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Security with Go

You're reading from   Security with Go Explore the power of Golang to secure host, web, and cloud services

Arrow left icon
Product type Paperback
Published in Jan 2018
Publisher Packt
ISBN-13 9781788627917
Length 340 pages
Edition 1st Edition
Languages
Arrow right icon
Authors (2):
Arrow left icon
Karthik Gaekwad Karthik Gaekwad
Author Profile Icon Karthik Gaekwad
Karthik Gaekwad
John Daniel Leon John Daniel Leon
Author Profile Icon John Daniel Leon
John Daniel Leon
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

1. Introduction to Security with Go FREE CHAPTER 2. The Go Programming Language 3. Working with Files 4. Forensics 5. Packet Capturing and Injection 6. Cryptography 7. Secure Shell (SSH) 8. Brute Force 9. Web Applications 10. Web Scraping 11. Host Discovery and Enumeration 12. Social Engineering 13. Post Exploitation 14. Conclusions 15. Another Book You May Enjoy

Why use Go for security?

I think we all understand that there is no such thing as the best programming language, but there are different tools for different jobs. Go excels in performance and concurrency. Some of its other benefits include the ability to compile down to a single executable and cross-compile easily. It also has a modern standard library well-suited for networked applications.

The ease of cross-compiling makes for some interesting use cases in the security field. Here are a couple of use cases for cross-compiling in security:

  • Penetration testers can use a Raspberry Pi to compile custom Go reverse shells for Windows, macOS, and Linux, and attempt to deploy them.
  • Network defenders can have one central database to store all honeypot information provided from honeypot servers, and then cross-compile the honeypot servers. This would allow them to easily deploy a consistent application across all platforms, including Windows, mac, and Linux.
  • Network defenders could deploy incredibly lightweight honeypots throughout their network in the form of a Docker container with a single statically linked binary. Containers would be quick to create and destroy, using minimal bandwidth and server resources.

When you ask yourself whether Go is a good language choice, it may help to compare Go with some of the other top language choices.

Why not use Python?

Python is a popular language in the security field. This is most likely because of its ubiquity, short learning curve, and plethora of libraries. There are already several useful tools for security written in Python, namely Scapy for packet capturing, Scrapy for web scraping, Immunity for debugging, Beautiful Soup for parsing HTML, and Volatility for memory forensics. Many vendors and service providers also provide API examples in Python.

Python is easy to learn, and there are plenty of resources. Go is also easy to write and has a gentle learning curve. The learning curve and the ease of programming is not a major differentiating factor between Go and Python in my opinion. This biggest distinction, and where Python falls short, is performance. Python cannot compete with Go in terms of performance. Part of it is the interpreted nature of Python, but a larger factor is the global interpreter lock or GIL. The GIL prevents the interpreter from using more than one CPU worth of processing power, even with multiple threads executing. There are some ways to get around this, such as using multiprocessing, but this has its own drawbacks and limitations, as it actually forks a new process. Other options are using Jython (Python on Java) or IronPython (Python on .NET), and these have no GIL.

Why not use Java?

One of Java's greatest strengths is the ability to write once, run anywhere (WORA). This is incredibly valuable if you have to do anything involving GUI, graphics, or audio. Go certainly does not beat Java in its ability to create GUIs, but it is cross-platform and supports cross-compiling.

Java is mature and widely adopted with lots of resources available. There are more options with Java libraries than Go packages. Java is the more verbose of the two languages. The Java ecosystem is more complex with several options for build tools and package managers. Go is much simpler and more standardized. These differences could simply be attributed to the age difference between the languages, but it may still affect your language choice.

In certain situations, the Java virtual machine (JVM) can be too resource intensive in terms of memory or startup time. If you need to pipe together several command-line Java applications, the startup time for the JVM just to run a series of short-lived programs can be a significant performance hit. In terms of memory, if you need to run several instances of the same application, then the memory required to run each JVM can add up. The JVM can also be restricting since it creates a sandbox and limits your access to the host machine. Go compiles down to native machine code and thus has no need for a virtual machine layer.

Go is well-documented and the community continues to grow and provide more resources. It is an easy language to learn, especially for experienced programmers. Concurrency is a bit simpler and built into the language, as opposed to a library package.

Why not use C++?

C++ does offer a little more control since the developer is in charge of memory management and there is no garbage collector. For this same reason, C++ will have slightly better performance. In some cases, Go can actually outperform C++.

C++ is very mature and has a large set of third-party libraries. Libraries are not always cross-platform and can have complex makefiles. Cross-compiling is much simpler in Go and can be done with the Go toolchain.

Go compiles with more efficiency because it has better dependency management. C++ can re-include the same header file multiple times and cause compilation times to balloon. The package system is more consistent and standardized in Go. Threads and concurrency are native to Go and require platform-specific libraries in C++.

The maturity of C++ has also led to the language growing and becoming more complicated over time. Go is a refreshing change with a simple-yet-modern language. C++ is not as friendly to beginners as Go.

You have been reading a chapter from
Security with Go
Published in: Jan 2018
Publisher: Packt
ISBN-13: 9781788627917
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image