Practical fuzzing with Go

Fuzzing has been seen for the longest time as a niche tool just for experts or security people to use. This talk aims at demystifying fuzzing for all programmers.

Roberto starts by explaining the basics of automated testing and ends up providing actionable how-tos on how to apply them to your daily programming and testing workflows.

#go #golang

What is GEEK

Buddha Community

Practical fuzzing with Go
Fannie  Zemlak

Fannie Zemlak


What's new in the go 1.15

Go announced Go 1.15 version on 11 Aug 2020. Highlighted updates and features include Substantial improvements to the Go linker, Improved allocation for small objects at high core counts, X.509 CommonName deprecation, GOPROXY supports skipping proxies that return errors, New embedded tzdata package, Several Core Library improvements and more.

As Go promise for maintaining backward compatibility. After upgrading to the latest Go 1.15 version, almost all existing Golang applications or programs continue to compile and run as older Golang version.

#go #golang #go 1.15 #go features #go improvement #go package #go new features

Zander  Herzog

Zander Herzog


Secure HTTPS servers in Go

In this article, we are going to look at some of the basic APIs of the http package to create and initialize HTTPS servers in Go.

Image for post


In the “Simple Hello World Server” lesson, we learned about net/http package, how to create routes and how [ServeMux]( works. In the “Running multiple HTTP servers” lesson, we learned about [Server]( structure and how to run multiple HTTP servers concurrently.

In this lesson, we are going to create an HTTPS server using both Go’s standard server configuration and custom configuration (using [_Server_]( structure). But before this, we need to know what HTTPS really is?

HTTPS is a big topic of discussion in itself. Hence while writing this lesson, I published an article just on “How HTTPS works?”. I advise you to read this lesson first before continuing this article. In this article, I’ve also described the encryption paradigm and SSL certificates generation process.

If we recall the simplest HTTP server example from previous lessons, we only need http.``[ListenAndServe]( function to start an HTTP server and http.``[HandleFunc]( to register a response handler for a particular endpoint.

Image for post


In the example above, when we run the command go run server.go , it will start an HTTP server on port 9000. By visiting http://localhost:9000 URL in a browser, you will be able to see a Hello World! message on the screen.

Image for post


As we know, the nil argument to ListenAndServe() call invokes Go to use the [DefaultServeMux]( response multiplexer, which is the default instance of ServeMux structure provided globally by the Go. The HandleFunc() call adds a response handler for a specific route on the multiplexer instance.

The http.ListenAndServe() call uses the Go’s standard HTTP server configuration, however, in the previous lesson, how we can customize a server using [Server]( structure type.

To start an HTTPS server, all we need do is to call ServerAndListenTLS method with some configuration. Just like ServeAndListen method, this method is available on both the http package and the Server structure.

The http.``[ServeAndListenTLS]( method uses the Go’s standard server implementation, however, both [Server]( instance and Server.``[ServeAndListenTLS]( method can be configured for our needs.

#go-programming-language #go #golang-tutorial #go-programming #golang

Elian  Harber

Elian Harber


Go-callvis: Visualize Call Graph Of A Go Program using Graphviz


go-callvis is a development tool to help visualize call graph of a Go program using interactive view.


The purpose of this tool is to provide developers with a visual overview of a Go program using data from call graph and its relations with packages and types. This is especially useful in larger projects where the complexity of the code much higher or when you are just simply trying to understand code of somebody else.


  • 🆕 support for Go modules! :boom:
  • focus specific package in the program
  • click on package to quickly switch the focus using interactive viewer
  • group functions by package and/or methods by type
  • filter packages to specific import path prefixes
  • ignore funcs from standard library
  • omit various types of function calls

Output preview


Check out the source code for the above image.

How it works

It runs pointer analysis to construct the call graph of the program and uses the data to generate output in dot format, which can be rendered with Graphviz tools.

Reference guide

Here you can find descriptions for various types of output.

Packages / Types

focusedblue color
stdlibgreen color
otheryellow color

Functions / Methods

exportedbold border
unexportednormal border
anonymousdotted border


internalblack color
externalbrown color
staticsolid line
dynamicdashed line
regularsimple arrow
concurrentarrow with circle
deferredarrow with diamond

Quick start


  • Go 1.13+
  • Graphviz (optional, required only with -graphviz flag)


go get -u
# or
git clone
cd go-callvis && make install


Interactive viewer

To use the interactive view provided by a web server that serves SVG images of focused packages, you can simply run:

go-callvis <target package>

HTTP server is listening on http://localhost:7878/ by default, use option -http="ADDR:PORT" to change HTTP server address.

Render static output

To generate a single output file use option -file=<file path> to choose output file destination.

The output format defaults to svg, use option -format=<svg|png|jpg|...> to pick a different output format.


Usage of go-callvis:
        Enable verbose log.
  -file string
        output filename - omit to use server mode
  -cacheDir string
        Enable caching to avoid unnecessary re-rendering.
  -focus string
        Focus specific package using name or import path. (default "main")
  -format string
        output file format [svg | png | jpg | ...] (default "svg")
        Use Graphviz's dot program to render images.
  -group string
        Grouping functions by packages and/or types [pkg, type] (separated by comma) (default "pkg")
  -http string
        HTTP service address. (default ":7878")
  -ignore string
        Ignore package paths containing given prefixes (separated by comma)
  -include string
        Include package paths with given prefixes (separated by comma)
  -limit string
        Limit package paths to given prefixes (separated by comma)
  -minlen uint
        Minimum edge length (for wider output). (default 2)
  -nodesep float
        Minimum space between two adjacent nodes in the same rank (for taller output). (default 0.35)
        Omit calls to unexported functions.
        Omit calls to/from packages in standard library.
        Direction of graph layout [LR | RL | TB | BT] (default "LR")
        Skip opening browser.
  -tags build tags
        a list of build tags to consider satisfied during the build. For more information about build tags, see the description of build constraints in the documentation for the go/build package
        Include test code.
        Show version and exit.

Run go-callvis -h to list all supported options.


Here is an example for the project syncthing.

syncthing example

Check out more examples and used command options.


Join #go-callvis channel at (not a member yet? get invitation)

How to help

Did you find any bugs or have some suggestions?

  • Feel free to open new issue or start discussion in the slack channel.

Do you want to contribute to the project?

  • Fork the repository and open a pull request. Here you can find TODO features.


The interactive tool described below has been published as a separate project called goexplorer!

Ideal goal of this project is to make web app that would locally store the call graph data and then provide quick access of the call graphs for any package of your dependency tree. At first it would show an interactive map of overall dependencies between packages and then by selecting particular package it would show the call graph and provide various options to alter the output dynamically.

Author: Ofabry
Source Code: 
License: MIT license

#go #golang #visualization 

Go-web-workshop: Build Web Applications with Go on App Engine

Building Web Applications with Go

Welcome, gopher! You're not a gopher? Well, this workshop is for gophers, or people that use the Go programming language. But fear not if you've never written any Go before! I'd recommend you learn the basics for the language first with the Go tour.

This workshop has been run a couple of times with an instructor leading. The goal of this repo is to make it as easy as possible for individuals to follow the content by themselves. If you get stuck at any point, feel free to file issues asking questions.

Setting up your workspace

To go through this you will need the following:

  1. You have installed the Go Programming Language.
  2. You have set up a GOPATH by following the How to Write Go Code tutorial.
  3. You are somewhat familiar with the basics of Go. (The Go Tour is a pretty good place to start)
  4. You have a Google account and you have installed the Google Cloud SDK.


There's a lot to say about how to build web applications, in Go or any other language. But we only have one day so we won't try to cover too much. Instead we'll cover the basics, so you'll be able to explore other solutions and frameworks later.

The workshops is divided in eleven sections:


These are places where you can find more information for Go:

My favorite aspect of Go is its community, and you are now part of it too. Welcome!

As a newcomer to the Go community you might have questions or get blocked at some point. This is completely normal, and we're here to help you. Some of the places where gophers tend to hang out are:


This is not an official Google product (experimental or otherwise), it is just code that happens to be owned by Google.

Author: Campoy
Source Code: 
License: Apache-2.0 license

#go #golang #web 

Practical fuzzing with Go

Fuzzing has been seen for the longest time as a niche tool just for experts or security people to use. This talk aims at demystifying fuzzing for all programmers.

Roberto starts by explaining the basics of automated testing and ends up providing actionable how-tos on how to apply them to your daily programming and testing workflows.

#go #golang