Why Haven’t We Stamped Out SQL Injection and XSS Yet?

  • Friday, March 1, 2013 | 10:20 AM – 11:20 AM | Room: Room 132

Everyone knows about SQL injection and XSS, so why do developers continue to write code with these defects? We’ve performed a study of millions of lines of Java code to understand what leads developers to use unsafe coding practices. We unveil a new open source security escaping library and new coding patterns developers can use to mitigate defects with minimal disruption to their code.


This document was retrieved from http://www.rsaconference.com/events/us13/agenda/sessions/114/why-havent-we-stamped-out-sql-injection-and-xss on Sat, 22 Nov 2014 05:15:35 -0500.