Rethinking Security Research

We research the root causes of vulnerabilities in code. Two applications drive our work: advancing defensive measures that empower developers, and improving the security capabilities of Coverity's products.

Fixing XSS: a Guide for Java Developers

Our latest research focuses on cross-site scripting (XSS) mitigation and was presented at RSA 2013. It combines a precise XSS analysis in our static analysis tool, documentation on how to fix XSS, and a library that helps Java web developers fix the issue.


You can get the latest version of the Coverity Security Library directly from GitHub or from Maven.

Fixing XSS: a practical guide for developers is available online as a living document.

Recent blog posts

Improving Applications with Secure Software Design (David)
A Second Helping of PIE (Ian)
A Slice of PIE (Ian)
Unicode Escaping: Is Coverity Affected? (Jon)
Eric Lippert Dissects CVE-2014-6332, a 19-year-old Microsoft bug (Eric)
Detecting SSLv3 in Java (Jon)
Understanding Python Bytecode (Romain)
Shell Shock in Java Apps (Ian)
Secure Code: By Design? Serendipity? Or...? (Jon)
Handling web frameworks; a case of Spring MVC - Part 1 (Romain)