
Sanitize User Input for Go Applications
In this lab, you’ll practice identifying and mitigating common web vulnerabilities in a Go application. When you’re finished, you’ll have a secured Go web application demonstrating best practices against SQL Injection, XSS, and CSRF.

Table of Contents
- Challenge: Getting Started in the Lab Environment
  Here are the initial instructions and explanation of the lab environment. Read this while your environment is busy creating itself from nothing. Yes, this violates physics; we know. How fun!
- Challenge: Understanding SQL Injection
  Learn the fundamentals of SQL Injection, one of the most critical web vulnerabilities. This challenge covers how attackers exploit insecure code to manipulate database queries, the different types of SQLi attacks, and their potential impact on your application.
- Challenge: Uncovering and Patching SQL Injection in Go
  Exploit an SQL Injection vulnerability in the Globomantics CRM to bypass authentication. You will then review the insecure code and learn how parameterized queries are used to effectively prevent SQL injection attacks.
- Challenge: Knowledge Check: SQL Injection
  Assess your understanding of SQL Injection. This quiz will test your knowledge of SQL injection (SQLi) concepts.
- Challenge: Understanding Cross-Site Scripting (XSS)
  Discover the mechanics of Cross-Site Scripting (XSS), a vulnerability that targets application users. This challenge explains how attackers inject malicious scripts into trusted websites, the differences between Stored, Reflected, and DOM-based XSS, and the risks each poses.
- Challenge: Demonstrating and Mitigating Cross-Site Scripting (XSS)
  Exploit a Cross-Site Scripting (XSS) flaw in the Globomantics CRM's feedback section by injecting a malicious script. You will then analyze the insecure code and review how Go's html/template package encodes user-supplied output to properly neutralize the threat.
- Challenge: Knowledge Check: Cross-Site Scripting
  Test your knowledge of Cross-Site Scripting.
- Challenge: Understanding Cross-Site Request Forgery (CSRF)
  Learn about Cross-Site Request Forgery (CSRF), the one-click attack that tricks users into performing unintended actions. This challenge covers the mechanics of how CSRF abuses a user's authenticated session and the standard defense against it.
- Challenge: Protecting Against Cross-Site Request Forgery (CSRF) in Go
  Demonstrate a Cross-Site Request Forgery (CSRF) attack on an unprotected Globomantics CRM endpoint. You'll use a malicious page to force an unintended approval, then review anti-CSRF tokens in the Go app to secure the financial transaction.
- Challenge: Knowledge Check: Cross-Site Request Forgery
  Assess your understanding of Cross-Site Request Forgery.
What's a lab?
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.