Thanks to those who attended! Please complete our feedback form so we can stay in touch with you and improve future workshops.
Complete our C++ QL challenge, and come to table 14 in the North Building by Wed 26 June to win a prize.
In this tutorial, participants will:
- obtain a technical overview of the QL language, covering both general principles and its specific application to program analysis and security
- be given access to a QL IDE
- interactively develop their own analyses in QL to find known security vulnerabilities in open-source projects.
Introduction to QL (9:00-11:00)
- Overview of QL
- Syntactic program representation as a database
- Finding query injection vulnerabilities using QL
- Local data flow analysis
Security analysis with QL (11:30-12:30)
- Global data flow analysis
- Finding code injection and deserialization vulnerabilities in Apache Struts using QL
Tutorial instructions can be found at: https://tinyurl.com/dpaql19
Tutorial materials will be available through Google Drive. The tutorial can also be carried out using the query console at https://lgtm.com/query.