Executable XSS cheat sheets for popular web frameworks

Run a single Semgrep command to check your app for XSS

January 21st, 2021

We’re big fans of the OWASP Cheat Sheet Series, one of the flagship OWASP projects. The series includes detailed information on all kinds of security issues and is an outstanding reference and educational tool.

We developed these cheat sheets to check for code patterns that can lead to XSS (cross-site scripting) in an application. Instead of scrutinizing code for exploitable vulnerabilities, the recommendations in these cheat sheets lay out a safe road for developers that removes the usual openings for XSS. By following these recommendations, you can be reasonably sure your code is free of XSS. Each cheat sheet includes a single executable command to scan your code for XSS issues.
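The cheat sheets work by flagging the risky pattern (dynamic data joined into an HTML literal) and pointing at the safe alternative (escape at the point of output). The following is an added example, not code from this post or from the Semgrep project: a miniature AST-based check that mimics that approach for Python, alongside the unsafe and hardened handlers it distinguishes. The `greet_*` functions and `SAMPLE_SOURCE` are constructed for illustration; Semgrep's real rules cover far more patterns than this toy does.

```python
"""Added example: a toy pattern check for HTML interpolation, plus the
vulnerable and hardened rendering code it tells apart. Not Semgrep's own
rule logic; it only illustrates the "flag the pattern, recommend the safe
form" idea behind the cheat sheets."""
import ast
import html

# Constructed sample source (not from the post). Lines 3 and 6 join raw
# input into HTML; line 9 escapes first and should not be flagged.
SAMPLE_SOURCE = '''
def greet_unsafe(name):
    return "<h1>Hello " + name + "</h1>"

def greet_fstring(name):
    return f"<h1>Hello {name}</h1>"

def greet_safe(name):
    return "<h1>Hello " + html.escape(name, quote=True) + "</h1>"
'''


def _is_escape_call(node: ast.AST) -> bool:
    """True for calls such as html.escape(x) or escape(x)."""
    if not isinstance(node, ast.Call):
        return False
    func = node.func
    name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")
    return name == "escape"


def _operands(node: ast.AST) -> list:
    """Flatten a chain of `+` operations into its leaf operands."""
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return _operands(node.left) + _operands(node.right)
    return [node]


def _is_html_literal(node: ast.AST) -> bool:
    """A string constant that contains markup."""
    return isinstance(node, ast.Constant) and isinstance(node.value, str) and "<" in node.value


def find_html_interpolation(source: str) -> list:
    """Return sorted line numbers where a non-escaped value is joined
    into an HTML string literal, via `+` concatenation or an f-string."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
            parts = _operands(node)
            dynamic = [p for p in parts if not isinstance(p, ast.Constant)]
            if any(_is_html_literal(p) for p in parts) and any(
                not _is_escape_call(p) for p in dynamic
            ):
                findings.add(node.lineno)
        elif isinstance(node, ast.JoinedStr):
            literal = any(_is_html_literal(v) for v in node.values)
            dynamic = [v.value for v in node.values if isinstance(v, ast.FormattedValue)]
            if literal and any(not _is_escape_call(v) for v in dynamic):
                findings.add(node.lineno)
    return sorted(findings)


def greet_unsafe(name: str) -> str:
    """Vulnerable pattern the check flags: raw input reaches the response."""
    return "<h1>Hello " + name + "</h1>"


def greet_safe(name: str) -> str:
    """Hardened form: escape at output, so markup in `name` is inert text."""
    return "<h1>Hello " + html.escape(name, quote=True) + "</h1>"


if __name__ == "__main__":
    print("flagged lines:", find_html_interpolation(SAMPLE_SOURCE))
    payload = "<script>alert(1)</script>"
    print(greet_unsafe(payload))
    print(greet_safe(payload))
```

Run it with `python3 check_html.py`: the check reports lines 3 and 6 of the sample and stays silent on the escaped handler, which is the shape of the advice in the cheat sheets: the rule tells you where the pattern is, and the fix is the escaping form it does not flag.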

Our first four cheat sheets scan these popular web app frameworks:

More background on XSS is available in the OWASP XSS Prevention Cheat Sheet.

If you’re interested in contributing your own Semgrep rules back to the community (for XSS or other issues), check out the semgrep-rules repository. And stay tuned for more cheat sheets like these!

About

Semgrep enables teams to use industry-leading AI-assisted static application security testing (SAST), supply chain dependency scanning (SCA), and secrets detection. The Semgrep AppSec Platform is built for teams that struggle with noise by helping development teams apply secure coding practices.