Rethinking Security Research

We research the root causes of code vulnerability. Two applications drive our work: advancing developer-empowering defensive measures, and improving the security capabilities of Coverity's products.

Fixing XSS: a Guide for Java Developers

Our latest research focuses on cross-site scripting (XSS) mitigation; it was presented at RSA 2013. It combines a precise XSS analysis in our static analysis tool, documentation on how to fix XSS, and a library that helps Java web developers fix the issue.


You can get the latest version of the Coverity Security Library directly from GitHub or from Maven.

Fixing XSS: a practical guide for developers is available online as a living document.

Recent blog posts

Secure Code: By Design? Serendipity? Or...? (by Jon)
Handling web frameworks; a case of Spring MVC - Part 1 (by Romain)
On Detecting Heartbleed with Static Analysis (by Andy)
A quick post on Apple Security 55471, aka goto fail (by Jon)