Courses

Learn more about the training offered at INFILTRATE

GitHub Dismissed: Finding Whole Classes of Vulnerabilities with CodeQL

A code audit is, at its core, a code interrogation: one that narrows into vulnerability hypotheses and, ultimately, into vulnerability confirmations. The more efficiently you can answer questions about the code, the more effective your security review will be. Enter CodeQL. CodeQL is GitHub’s semantic code analysis engine. Free for OSS and academic use, it turns code into queryable data and lets you rapidly home in on potential issues in your chosen attack surface. In this 2-day workshop, you will learn how to wield CodeQL effectively as an integrated part of your audit feedback loop, iteratively using and refining CodeQL queries to confirm your vulnerability hypotheses.

Course Information

Date: October 13th - October 14th
Course Fee: $2,600
CPE Credits: 0

More Infiltrate Courses

If you are trying to determine which course is best suited for you, email us at infiltrate@immunityinc[dot]com and we will assist you.

Syllabus

Course Length: 2 Days

DAY 1

  • CodeQL CLI (1hr): Introduction to the CodeQL command line tools
  • Intro to CodeQL for C++ (2hrs): Searching for structural patterns in your code, e.g. finding all calls to strcpy that happen inside a loop
  • Practical Project (1hr): CTF-style project to search for vulns in an open source project
  • Trees and Graphs in CodeQL (1hr): Querying the call graph and control flow
  • Practical Project (2hrs): Continue project work

DAY 2

  • Dataflow (2hrs): Recap previous day and introduce dataflow library
  • Practical Project (1hr): Use dataflow to refine results of our query
  • Advanced Dataflow (1.5hrs): Understanding the limitations of dataflow, how to customize the analysis with additional edges + sanitizers, other useful libraries (guards)
  • Practical Project (2hrs): Continue project, customizing dataflow to find additional results
  • Conclusion (0.5hr): Wrap up, other CodeQL resources, CodeQL bounty program
