
BSides Las Vegas: the power of guardrails

Blog post from Semgrep

Author: Pablo Estrada
Word count: 102
Language: English
Summary

At BSides Las Vegas, r2c security researchers Colleen Dai and Grayson Hardaway explored the effectiveness of secure guardrails in reducing XSS vulnerabilities by 50%. They demonstrated, using real code examples, that implementing secure defaults can significantly enhance a company's security posture. Their study included an analysis of XSS occurrences across 125 GitHub repositories using languages such as Java, Ruby, Python, JavaScript, and Golang, and they discussed potential mitigation strategies. Additionally, they introduced a free set of rules that developers can apply to their own codebases to prevent future XSS issues.