OrangeCon is a community-driven, non-profit cybersecurity conference in the heart of The Netherlands. Meet old and new friends, listen to talks by leading Dutch cybersecurity experts, and level up your knowledge.
At this event, Sylwia Budzynska will present a beginner-friendly workshop on finding vulnerabilities with CodeQL. See the full description of the session here.
CodeQL is a static analysis tool that can automatically scan your applications for vulnerabilities and assist with manual code review. It can be used to find vulnerabilities in software at scale, across thousands of projects at once.
This session will introduce the fundamentals of security research and static analysis used when looking for vulnerabilities in software. Using a simple example vulnerability, we will walk through how CodeQL could detect it and show how the audience can use CodeQL to find vulnerabilities themselves. We will also introduce how security research can be scaled to thousands of projects at once using multi-repository variant analysis.