> Security testing starts with understanding vulnerabilities. The CVE website lists known software flaws. The OWASP Top Ten highlights common weaknesses. With this knowledge, we can improve our Go development. This article shows how to put in place robust practices. They are to: fuzz inputs, verify dependencies, and use static analysis tools (SAST).