Why Haven’t We Stamped Out SQL Injection and XSS Yet?

  • Friday, March 1, 2013 | 10:20 AM – 11:20 AM | Room 132


Everyone knows about SQL injection and XSS, so why do developers continue to write code with these defects? We performed a study of millions of lines of Java code to understand what leads developers to use unsafe coding practices. We unveil a new open source security escaping library and new coding patterns that developers can use to mitigate these defects with minimal disruption to their existing code.
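The two defect classes the session names have the same root cause: untrusted data concatenated into a string that a downstream parser (the SQL engine, the browser) interprets as code. The example below is added here to illustrate that point and is not the session's library or the study's code; the table, sample users and helper names (`lookup_unsafe`, `lookup_safe`, `escape_js_string`, `render_page`) are constructed for illustration. It shows the vulnerable string-building pattern beside the two mitigations the abstract alludes to: parameterized queries for SQL, and context-specific escaping for HTML output, including a separate escaper for the JavaScript string-literal context, where HTML escaping alone is the wrong tool.

```python
import html
import sqlite3


def build_db():
    """Constructed in-memory table standing in for an application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable pattern: untrusted input spliced into the SQL text.

    An input such as  ' OR '1'='1  turns the WHERE clause into a tautology and
    returns every row; other payloads can do far worse.
    """
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Mitigation: bind the value as a parameter so it is never parsed as SQL.

    The query text is a constant; the driver sends the value separately, so a
    quote or keyword inside it is just data matched against the column.
    """
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def escape_js_string(s):
    """Escape a string for embedding inside a quoted JavaScript string literal.

    html.escape is the wrong tool here: the browser's HTML parser does not run
    on script bodies, so &lt; would be shown literally, while a raw </script>
    would end the script element. Everything outside a conservative
    alphanumeric set is emitted as \\uXXXX, which JavaScript decodes but the
    HTML tokenizer never sees as markup. Code points above the BMP are
    written as a surrogate pair, as JavaScript string literals require.
    """
    out = []
    for ch in s:
        if ch.isalnum() or ch in " ,.-_":
            out.append(ch)
            continue
        cp = ord(ch)
        if cp > 0xFFFF:
            cp -= 0x10000
            out.append("\\u%04x\\u%04x" % (0xD800 + (cp >> 10), 0xDC00 + (cp & 0x3FF)))
        else:
            out.append("\\u%04x" % cp)
    return "".join(out)


def render_unsafe(name):
    """Vulnerable pattern: untrusted input concatenated into HTML."""
    return "<p>Hello, " + name + "</p>"


def render_safe(name):
    """Mitigation: escape for the HTML text context at the point of output."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


def render_page(name):
    """Same value emitted into three contexts, each with the matching escaper.

    quote=True makes html.escape safe for quoted attribute values too; an
    unquoted attribute (value=...) cannot be made safe by escaping alone, so
    always quote attributes.
    """
    return (
        "<p>Hello, " + html.escape(name, quote=True) + "</p>\n"
        '<input value="' + html.escape(name, quote=True) + '">\n'
        "<script>var user = '" + escape_js_string(name) + "';</script>"
    )


if __name__ == "__main__":
    db = build_db()
    payload = "' OR '1'='1"
    print("unsafe:", lookup_unsafe(db, payload))   # every row comes back
    print("safe:  ", lookup_safe(db, payload))     # no user has that literal name
    print(render_page("</script><img src=x onerror=alert(1)>"))
```

The "minimal disruption" property comes from where the fix lives: the query text and the templates barely change, and the escaper is chosen by output context rather than applied once to the input, so the same value can be rendered safely in HTML text, an attribute and a script block without the application having to know in advance where it will end up.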


This document was retrieved from on Sun, 18 Aug 2019 19:57:35 -0400.