Why Haven’t We Stamped Out SQL Injection and XSS Yet?

  • Friday, March 1, 2013 | 10:20 AM – 11:20 AM | Room: Room 132


Everyone knows about SQL injection and XSS, so why do developers continue to write code with these defects? We’ve performed a study of millions of lines of Java code to understand what leads developers to use unsafe coding practices. We unveil a new open source security escaping library and new coding patterns developers can use to mitigate defects with minimal disruption to their code.


© 2015 EMC Corporation. All rights reserved.