Home / Companies / Semgrep / Blog / August 2021

August 2021 Summaries

3 posts from Semgrep

Filter
Month: Year:
Post Summaries Back to Blog
The summer meetup held on August 11 featured a comprehensive overview of the latest enhancements to Semgrep, including updated syntax for crafting more precise rules and recent improvements in taint analysis. Attendees were also informed about the future roadmap for Semgrep, and the session concluded with an open discussion and Q&A segment. For those who could not attend, a recording of the event is available.
Aug 23, 2021 41 words in the original blog post.
At BSides Las Vegas, r2c security researchers Colleen Dai and Grayson Hardaway explored the effectiveness of secure guardrails in reducing XSS vulnerabilities by 50%. They demonstrated, using real code examples, that implementing secure defaults can significantly enhance a company's security posture. Their study included an analysis of XSS occurrences across 125 GitHub repositories using languages such as Java, Ruby, Python, JavaScript, and Golang, and they discussed potential mitigation strategies. Additionally, they introduced a free set of rules that developers can apply to their own codebases to prevent future XSS issues.
Aug 18, 2021 102 words in the original blog post.
Erin Browning and Tim Faraci from Slack deliver a presentation at DEF CON 29 AppSec Village, focusing on optimizing developer satisfaction through rapid scan results and encouraging a mindset that extends beyond mere compliance. They address the challenges of handling false positives and emphasize the importance of incorporating scanning into both developer and security workflows. Additionally, they discuss the need for careful calibration of metrics and performance targets to ensure effectiveness and efficiency in security processes.
Aug 10, 2021 49 words in the original blog post.