CodeQL Roundtable: Leveraging Static Analysis for Bug Bounties
Offered By: Bugcrowd via YouTube
Course Description
Overview
Explore the world of CodeQL and its impact on bug bounties and open-source security in this informative roundtable discussion featuring @JLLeitschuh. Gain insights into how CodeQL can be leveraged to uncover vulnerabilities, earn bounties, and enhance the security of open-source software. Learn about the importance of HTTPS, vulnerability locations, and effective remediation strategies. Discover the role of LGTM, GitHub notifications, and bounty programs in the process. Delve into future plans for CodeQL implementation and examine the Nettie vulnerability case study. Engage with a Q&A session at the end to further expand your understanding of this powerful security tool.
Syllabus
Intro
Title
Why is HTTPS important
Location of vulnerability
Who was vulnerable
How to fix it
Enter CodeQL
LGTM
How I did it
GitHub notifications
GitHub bounty
Slide deck
Future plans
Nettie vulnerability
Taught by
Bugcrowd
Related Courses
Discover Vulnerabilities with CodeQLHackerOne via YouTube Event-based Fuzzing, Patch-based Research, and Comment Police - Finding Bugs Through a Bug
Black Hat via YouTube Protect Your Code with GitHub Security Features
GOTO Conferences via YouTube Security as Code - A DevSecOps Approach
NDC Conferences via YouTube Protect Your Code with GitHub Security Features
NDC Conferences via YouTube