BSides Las Vegas: the power of guardrails

Research on guardrails and how to slash the risk of XSS in half

Pablo Estrada
August 18th, 2021

In this BSides Las Vegas talk, r2c security researchers Colleen Dai and Grayson Hardaway present a study on the effectiveness of secure guardrails and how to slash the risk of XSS by half.

Learn how they used real code to show that secure defaults can significantly raise a company’s security bar. Colleen and Grayson also present XSS findings across 125 repos on GitHub using Java, Ruby, Python, JavaScript, or Golang, discuss how those occurrences could have been mitigated, and share a free set of rules that you can immediately run on your own code to prevent XSS from occurring in the future.
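To make the "secure default" idea concrete, here is a small added example (written for this page, not code from the talk or from Semgrep) of a guardrail for HTML output: a rendering helper that escapes every value unless the caller explicitly opts out by wrapping it in a `SafeHTML` type. The `SafeHTML` class, the `render`/`render_unsafe` functions and the sample input are all assumptions of this example; only the Python standard library is used.

```python
"""Added example: a minimal secure-by-default HTML renderer.

The guardrail pattern is: the safe behaviour (escaping) costs the developer
nothing, and the risky behaviour (raw markup) requires an explicit, visible
opt-out that a code-scanning rule can look for.
"""
import html
from dataclasses import dataclass


@dataclass(frozen=True)
class SafeHTML:
    """Marks a string as markup that has already been escaped or is trusted.

    This wrapper is the explicit opt-out: anything not wrapped in SafeHTML is
    escaped before it reaches the page.
    """
    value: str


def render_unsafe(template: str, **values) -> str:
    """The pattern a guardrail replaces: plain string formatting, so every
    value goes to the browser exactly as supplied."""
    return template.format(**values)


def render(template: str, **values) -> str:
    """Secure default: every value is HTML-escaped (including quotes) unless
    the caller deliberately passed SafeHTML."""
    escaped = {}
    for name, value in values.items():
        if isinstance(value, SafeHTML):
            escaped[name] = value.value
        else:
            escaped[name] = html.escape(str(value), quote=True)
    return template.format(**escaped)


# Constructed sample input (not from the talk): a "username" that contains
# a script tag, the canonical XSS test string.
CONSTRUCTED_INPUT = "<script>alert(1)</script>"
TEMPLATE = "<p>Hello, {name}!</p>"


def demo() -> tuple[str, str]:
    """Return the unsafe and the safe rendering of the same template and
    input, so the difference can be inspected or asserted on."""
    return (
        render_unsafe(TEMPLATE, name=CONSTRUCTED_INPUT),
        render(TEMPLATE, name=CONSTRUCTED_INPUT),
    )


if __name__ == "__main__":
    unsafe, safe = demo()
    print("unsafe:", unsafe)
    print("safe:  ", safe)
```

The point of the design is reviewability: with escaping as the default, a static rule only has to flag the rare `SafeHTML(...)` or `render_unsafe(...)` call sites, rather than every place a value is interpolated into HTML.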

About

Semgrep lets security teams partner with developers and shift left organically, without introducing friction. Semgrep gives security teams confidence that they are only surfacing true, actionable issues to developers, and makes it easy for developers to fix these issues in their existing environments.