Rethinking Security Research

We research the root causes of code vulnerabilities. Two applications drive our work: advancing defensive measures that empower developers, and improving the security capabilities of Coverity's products.

Fixing XSS: a Guide for Java Developers

Our latest research focuses on cross-site scripting (XSS) mitigation and was presented at RSA 2013. It has three outputs: a precise XSS analysis in our static analysis tool, documentation on how to fix XSS, and a library that helps Java web developers apply those fixes.

You can get the latest version of the Coverity Security Library directly from GitHub or from Maven.

"Fixing XSS: a practical guide for developers" is available online as a living document.


Recent blog posts

Eric Lippert Dissects CVE-2014-6332, a 19-year-old Microsoft bug (by Eric)
Detecting SSLv3 in Java (by Jon)
Understanding Python Bytecode (by Romain)
Shell Shock in Java Apps (by Ian)
Secure Code: By Design? Serendipity? Or...? (by Jon)
Handling web frameworks; a case of Spring MVC - Part 1 (by Romain)
On Detecting Heartbleed with Static Analysis (by Andy)
A quick post on Apple Security 55471, aka goto fail (by Jon)
To Escape or Not to Escape, That Is The Question (by Jon)
Deliberate null pointer dereferences in the Linux Kernel (by Andy)