Practical Mobile App Attacks by Example

Presented at CanSecWest 2022, May 18, 2022, 12:30 p.m. (120 minutes)

In this workshop I will get you up and running with CodeQL, avoiding common pitfalls that usually make people abandon attempts to use a new tool. Once this friction is behind us, we will focus not on solving the halting problem but on translating auditing ideas into queries that will guide you through a target codebase.


Presenters:

  • Abraham Aranguren - 7A Security
    After 15 years in itsec and 22 in IT, Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews, and training. Co-Author of the Mobile, Web, and Desktop (Electron) app 7ASecurity courses. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec, and many other events. Former senior penetration tester/team lead at Cure53 and Version 1. Creator of “Practical Web Defense”, a hands-on eLearnSecurity attack/defense course. OWASP OWTF project leader, an OWASP flagship project (owtf.org). Major degree and Diploma in Computer Science. Some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE: Security, MCSA: Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity, @7a_ and @owtfp, or at https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications
