OWASP Developer Guide

Go Secure Coding Practices

5.1.2 Go Secure Coding Practices

The OWASP Go Secure Coding Practices (Go-SCP) is a set of software secure coding practices for the Go programming language.

The Go-SCP documentation project is an OWASP Incubator Project that has enough long term support to achieve Lab status soon. The published document can be downloaded in various formats from the github repo.

What is Go-SCP?

Go-SCP provides examples and recommendations to help developers avoid common mistakes and pitfalls, including code examples in Go that provide practical guidance on implementing the recommendations. Go-SCP covers the OWASP Secure Coding Practices Quick Reference Guide topic-by-topic:

  • Input Validation
  • Sanitization Output Encoding
  • Authentication and Password Management
  • Session Management
  • Access Control
  • Cryptographic Practices
  • Error Handling and Logging
  • Data Protection
  • Communication Security
  • System Configuration
  • Database Security
  • File Management
  • Memory Management
  • General Coding Practices

The Go Secure Coding Practices book is available in various formats:

  • PDF
  • ePub
  • DocX
  • MOBI

Why use Go-SCP?

Development teams often need help and support in getting the security right for web applications, and part of this help comes from secure coding guidelines and best practices. Go-SCP provides this guidance for a wide range of secure coding topics as well as providing practical code examples for each coding practice.

How to use Go-SCP?

The primary audience of the Go Secure Coding Practices Guide is developers, particularly those with previous experience in other programming languages.

Download the Go-SCP document in one of the formats: PDF, ePub, DocX and MOBI. Refer to the specific topic chapter and then use the example Go code snippets for practical guidance on secure coding using Go.


The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.

\newpage