Securing web applications is one of the most important aspects, besides creating applications, that we will be learning about in this chapter. Application security is a very wide topic and can be implemented in various ways that are beyond the scope of this chapter.

In this chapter, we will just focus on how we can move our Go web application from the HTTP protocol to HTTPS, which is often called HTTP + TLS (Transport Layer Security), along with securing Go web application REST endpoints using JSON web tokens (JWTs), and protecting our application from cross-site request forgery (CSRF) attacks.