A code audit is, at its core, a code interrogation: an interrogation that aims to focus itself into vulnerability hypotheses and, ultimately, into vulnerability confirmations. The more efficiently you can answer questions about the code, the more effective your security review will be. Enter CodeQL. CodeQL is GitHub's semantic code analysis engine. Free for open-source and academic use, it turns code into queryable data and lets you rapidly home in on potential issues in your chosen attack surface. In this 2-day workshop, you will learn how to effectively wield CodeQL as an integrated part of your audit feedback loop, iteratively using and refining CodeQL queries to confirm your vulnerability hypotheses.