Overview
Explore a comprehensive analysis of cross-site scripting (XSS) remediation efforts across GitHub Open Source projects in this 49-minute conference talk from AppSecUSA 2017. Gain insights into the challenges of portfolio-wide vulnerability fixes, including developer buy-in, coding style guide compliance, and integration with existing project processes. Learn about the unique scaling approach that focused on broad risk assessment, implementation of missing security controls, and automated JSP source code modification. Compare this method to traditional manual and automated techniques, as well as scaling through training and offshore capabilities. Benefit from the speakers' extensive experience in web application security and data analytics as they share concrete statistics, lessons learned, and alternative strategies for large-scale XSS remediation.
Syllabus
What We Learned Remediating XSS in GitHub Open Source Projects - AppSecUSA 2017
Taught by
OWASP Foundation