BSides Las Vegas: the power of guardrails

Research on guardrails and how to slash the risk of XSS in half

In this BSides Las Vegas talk, r2c security researchers Colleen Dai and Grayson Hardaway present a study on the effectiveness of secure guardrails and how to slash the risk of XSS by half.

Learn how they used real code to show that secure defaults can significantly raise a company’s security bar. Colleen and Grayson also present XSS findings across 125 repos on GitHub using Java, Ruby, Python, JavaScript, or Golang, discuss how those occurrances could have been mitigated, and share a free set of rules that you can immediately run on your own code to prevent XSS from occurring in the future.


Semgrep Logo

Semgrep lets security teams partner with developers and shift left organically, without introducing friction. Semgrep gives security teams confidence that they are only surfacing true, actionable issues to developers, and makes it easy for developers to fix these issues in their existing environments.

Find and fix the issues that matter before build time

Semgrep helps organizations shift left without the developer productivity tax.

Get started in minutesBook a demo