Explore a comprehensive analysis of cross-site scripting (XSS) remediation efforts across GitHub Open Source projects in this 49-minute conference talk from AppSecUSA 2017. Gain insights into the challenges of portfolio-wide vulnerability fixes, including developer buy-in, coding style guide compliance, and integration with existing project processes. Learn about the unique scaling approach that focused on broad risk assessment, implementation of missing security controls, and automated JSP source code modification. Compare this method to traditional manual and automated techniques, as well as scaling through training and offshore capabilities. Benefit from the speakers' extensive experience in web application security and data analytics as they share concrete statistics, lessons learned, and alternative strategies for large-scale XSS remediation.
Remediating XSS in GitHub Open Source Projects - Lessons Learned
Overview
Syllabus
What We Learned Remediating XSS in GitHub Open Source Projects - AppSecUSA 2017
Taught by
OWASP Foundation
Related Courses
-
New Methods in Automated XSS Detection - Dynamic Testing Without Static Payloads
-
Practical Approach to Automate the Discovery and Eradication of Open-Source Software Vulnerabilities
-
11,000 Voices - Experts Shed Light on 4-Year Open Source and AppSec Survey
-
Security Posture Assessment and Improvements for Open Source Projects
-
Curating and Securing Open Source for GovCloud
