Anna-Katharina Wickert

Crypto Fails and How to Tackle Them in Go

Recent studies in academia and industry [1-3] reveal that the (vast) majority of applications using crypto struggle to achieve a functional and secure solution. Because of these struggles, applications end up with attackable components, e.g., passwords stored insecurely. Further, these issues can lead to claims like: “Our application is secure as it uses the standard AES-128.” However, the application is easily attackable because the wrong parameters for the AES encryption were chosen.

In this talk, we will introduce and explain six very frequently discussed insecure crypto usages and demonstrate secure solutions for common use cases. We will start by understanding why these six issues are a security problem without using any mathematical formula at all. Once we know why we should avoid these mistakes in our applications, we take a look at the standard Go crypto library and check whether these issues can be reproduced in implementations using this library as well. A small spoiler: you can’t reproduce all of them, due to the design decisions of the Go API. However, you can find issues and discussions about why Go shouldn’t support these insecure solutions as well. We will end the talk with code examples of common tasks involving crypto and briefly demonstrate how static analyses can help you implement a secure solution.

Bio

Anna-Katharina Wickert loves to share things she is thrilled about. In her day-to-day job, she’s a Ph.D. student at Technische Universität Darmstadt. There she inspects (crypto) misuses and how one can ease adapting static analyses for different languages and APIs by deriving new rule sets for those. In her free time, she organizes the Frankfurt Rhein-Main chapters of the Go and Go Bridge user groups, loves healthy food, especially vegetables, enjoys the silence of a Yin Yoga class, and solves problems at the boulder gym.
