Finding vulnerabilities at scale through static analysis with CodeQL: intrigus’ workshop shows you how!
The workshop covers:
- the basic structure of a CodeQL query.
- the CodeQL libraries for Java.
- building and structuring queries using classes and predicates.
- data flow analysis and taint tracking to find a real-world RCE vulnerability.
The slides can be found here. The workshop was held on 2023-03-02.