Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
A tartalmat a Firo Solutions LTD biztosítja. Az összes podcast-tartalmat, beleértve az epizódokat, grafikákat és podcast-leírásokat, közvetlenül a Firo Solutions LTD vagy a podcast platform partnere tölti fel és biztosítja. Ha úgy gondolja, hogy valaki az Ön engedélye nélkül használja fel a szerzői joggal védett művét, kövesse az itt leírt folyamatot https://hu.player.fm/legal.
Hasonló a(z) Hacker Talk sorozathoz
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The Fragmented Podcast is the leading Android developer podcast started by Kaushik Gopal & Donn Felker. Our goal is to help you become a better Android Developer through conversation & to capture the zeitgeist of Android development. We chat about topics such as Testing, Dependency Injection, Patterns and Practices, useful libraries, and much more. We will also be interviewing some of the top developers out there. Subscribe now and join us on the journey of becoming a better Android Developer.
…
continue reading
Discover a whole new take on Artificial Intelligence with Squirro's educational podcast! Join host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and their incredible impact on society, and y ...
…
continue reading
Three nerds discussing tech, Apple, programming, and loosely related matters.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Marc Fennell and a team of people far smarter than him (his words, not ours) take a fun deep dive into how technology is reshaping our lives.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Player FM - Podcast alkalmazás
Lépjen offline állapotba az Player FM alkalmazással!
Lépjen offline állapotba az Player FM alkalmazással!
))
CodeQL with Alvaro Munoz
Manage episode 345110905 series 3370924
A tartalmat a Firo Solutions LTD biztosítja. Az összes podcast-tartalmat, beleértve az epizódokat, grafikákat és podcast-leírásokat, közvetlenül a Firo Solutions LTD vagy a podcast platform partnere tölti fel és biztosítja. Ha úgy gondolja, hogy valaki az Ön engedélye nélkül használja fel a szerzői joggal védett művét, kövesse az itt leírt folyamatot https://hu.player.fm/legal.
In this episode of Hacker Talk:
One of the most powerful newer static analysis tool is CodeQL.
By converting your code base into a Codeql database, you can now write
queries in a read-only way, in order to find security vulnerabilities
and problems in you Code-base.
We wanted to know more about this declarative language called "CodeQL".
Straight from Github's Security Lab, we are joined by Alvaro Munoz!
Alvaro, is a Security Researcher, Leads a team of researchers that leverage Codeql to find and model vulnerabilities at Github, with a background in research related to finding remote code execution bugs through deserialization.
Tune in as we get to hear the ins and out of CodeQL, how to get started, when Codeql was used to find a vulnerability in a public Covid-19 system, how to find vulnerabilities with Codeql and a lot more!
Topics covered:
Learning to thing outsite the box by playing Capture the flag
CodeQL declarative languages
Static code analysis
Getting a broad view of the source code
Writing queries with CodeQL to find vulnerabilities
Modeling vulnerabilities with CodeQL
The learning curve of CodeQL
Quering github repositories for vulnerabilities
Write codeql for a large amount of repositories with lgtm(use it goes before it goes EOL)
Linters vs codeql
CodeQL integrated with continuous integration pipelines
Get started with Codeql
Submit your codeql queries to Github Security Lab's Bug bounty
Best practices for writing queries
Thinking of the code as a database with codeql
Finding vulnerabilities in Covid-19 systems
Best pratices for CodeQL
Reduce false possitives
CodeQL with nvim(neovim)
Improving vim by creating a more interactive development enviroment alternative, "neovim".
LSP integration with neovim.
CodeQL with Emacs
Remote code execution bugs found with CodeQL.
Bugs found in Radar Covid App
Patterns leading to remote code execution
Auditing javascript frameworks
CodeQL vs other static analysis tools
Capture the flag codeql challanges
The future of CodeQL
External links:
https://en.wikipedia.org/wiki/Language_Server_Protocol
https://en.wikipedia.org/wiki/Semgrep
Covid 19 tracing app
- https://securitylab.github.com/research/securing-the-fight-against-covid19-through-oss/
- https://threatpost.com/german-covid-19-contact-tracing-vulnerability-rce/161419/
Github Security Lab web site: https://securitylab.github.com/
Join Github Security Lab Slack Channel:
https://join.slack.com/t/ghsecuritylab/shared_invite/zt-120w4vby8-_O9u9k2hPfgbju1tddBPcg
https://twitter.com/pwntester
Bounty program: https://securitylab.github.com/bounties/
https://codeql.github.com/
https://codeql.github.com/docs/codeql-overview/
http://www.pwntester.com/
https://en.wikipedia.org/wiki/Abstract_syntax_tree
https://en.wikipedia.org/wiki/Control_flow_analysis
https://github.com/github/codeql-learninglab-actions
https://github.com/anticomputer/emacs-codeql/
Special thanks too:
We want to give a huge thanks to Github's Security Lab Team for making this episode a reality!
19 epizódok
Megosztás
Manage episode 345110905 series 3370924
A tartalmat a Firo Solutions LTD biztosítja. Az összes podcast-tartalmat, beleértve az epizódokat, grafikákat és podcast-leírásokat, közvetlenül a Firo Solutions LTD vagy a podcast platform partnere tölti fel és biztosítja. Ha úgy gondolja, hogy valaki az Ön engedélye nélkül használja fel a szerzői joggal védett művét, kövesse az itt leírt folyamatot https://hu.player.fm/legal.
In this episode of Hacker Talk:
One of the most powerful newer static analysis tool is CodeQL.
By converting your code base into a Codeql database, you can now write
queries in a read-only way, in order to find security vulnerabilities
and problems in you Code-base.
We wanted to know more about this declarative language called "CodeQL".
Straight from Github's Security Lab, we are joined by Alvaro Munoz!
Alvaro, is a Security Researcher, Leads a team of researchers that leverage Codeql to find and model vulnerabilities at Github, with a background in research related to finding remote code execution bugs through deserialization.
Tune in as we get to hear the ins and out of CodeQL, how to get started, when Codeql was used to find a vulnerability in a public Covid-19 system, how to find vulnerabilities with Codeql and a lot more!
Topics covered:
Learning to thing outsite the box by playing Capture the flag
CodeQL declarative languages
Static code analysis
Getting a broad view of the source code
Writing queries with CodeQL to find vulnerabilities
Modeling vulnerabilities with CodeQL
The learning curve of CodeQL
Quering github repositories for vulnerabilities
Write codeql for a large amount of repositories with lgtm(use it goes before it goes EOL)
Linters vs codeql
CodeQL integrated with continuous integration pipelines
Get started with Codeql
Submit your codeql queries to Github Security Lab's Bug bounty
Best practices for writing queries
Thinking of the code as a database with codeql
Finding vulnerabilities in Covid-19 systems
Best pratices for CodeQL
Reduce false possitives
CodeQL with nvim(neovim)
Improving vim by creating a more interactive development enviroment alternative, "neovim".
LSP integration with neovim.
CodeQL with Emacs
Remote code execution bugs found with CodeQL.
Bugs found in Radar Covid App
Patterns leading to remote code execution
Auditing javascript frameworks
CodeQL vs other static analysis tools
Capture the flag codeql challanges
The future of CodeQL
External links:
https://en.wikipedia.org/wiki/Language_Server_Protocol
https://en.wikipedia.org/wiki/Semgrep
Covid 19 tracing app
- https://securitylab.github.com/research/securing-the-fight-against-covid19-through-oss/
- https://threatpost.com/german-covid-19-contact-tracing-vulnerability-rce/161419/
Github Security Lab web site: https://securitylab.github.com/
Join Github Security Lab Slack Channel:
https://join.slack.com/t/ghsecuritylab/shared_invite/zt-120w4vby8-_O9u9k2hPfgbju1tddBPcg
https://twitter.com/pwntester
Bounty program: https://securitylab.github.com/bounties/
https://codeql.github.com/
https://codeql.github.com/docs/codeql-overview/
http://www.pwntester.com/
https://en.wikipedia.org/wiki/Abstract_syntax_tree
https://en.wikipedia.org/wiki/Control_flow_analysis
https://github.com/github/codeql-learninglab-actions
https://github.com/anticomputer/emacs-codeql/
Special thanks too:
We want to give a huge thanks to Github's Security Lab Team for making this episode a reality!
19 epizódok
Minden epizód
×
Üdvözlünk a Player FM-nél!
A Player FM lejátszó az internetet böngészi a kiváló minőségű podcastok után, hogy ön élvezhesse azokat. Ez a legjobb podcast-alkalmazás, Androidon, iPhone-on és a weben is működik. Jelentkezzen be az feliratkozások szinkronizálásához az eszközök között.
Hasonló a(z) Hacker Talk sorozathoz
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The Fragmented Podcast is the leading Android developer podcast started by Kaushik Gopal & Donn Felker. Our goal is to help you become a better Android Developer through conversation & to capture the zeitgeist of Android development. We chat about topics such as Testing, Dependency Injection, Patterns and Practices, useful libraries, and much more. We will also be interviewing some of the top developers out there. Subscribe now and join us on the journey of becoming a better Android Developer.
…
continue reading
Discover a whole new take on Artificial Intelligence with Squirro's educational podcast! Join host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and their incredible impact on society, and y ...
…
continue reading
Three nerds discussing tech, Apple, programming, and loosely related matters.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Marc Fennell and a team of people far smarter than him (his words, not ours) take a fun deep dive into how technology is reshaping our lives.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Player FM - Podcast alkalmazás
Lépjen offline állapotba az Player FM alkalmazással!
Lépjen offline állapotba az Player FM alkalmazással!
