Introduction to Secure Code Review and Finding Vulnerabilities With CodeQL

Hosted By
Ruth and 3 others
Details

CoderGirls Aarhus and GitHub invite you to this free meetup for all women interested in programming on 6th February 2025 at Incuba Katrinebjerg.

Agenda
17:00 - Doors open
17:10 - Word from CoderGirls’ organizers
17:15 - Talk: Introduction to security research and static code analysis with CodeQL by Sylwia Budzynska
17:45 - Light dinner sponsored by GitHub
18:15 - Workshop: Finding vulnerabilities with CodeQL by Sylwia Budzynska
19:00 - Networking and knowledge sharing
20:00 - Thank you for today!

Talk: Introduction to security research and static code analysis with CodeQL by Sylwia Budzynska
This session will introduce the fundamentals of security research when looking for vulnerabilities in software through source code review. We will use an example of a simple vulnerability, walk through how CodeQL could detect it, and give examples of how the audience could use CodeQL to find vulnerabilities themselves.

CodeQL is a static analysis tool that can be used to automatically scan your applications for vulnerabilities and to assist with a manual code review. We can use it to find vulnerabilities in software at scale, in thousands of projects at once.

Workshop: Finding vulnerabilities with CodeQL by Sylwia Budzynska
Now that we have learned the fundamentals of security research, we can put them into practice and find vulnerabilities in a real-life open source project. In this session, using a vulnerability that Sylwia found, CVE-2024-32022, as the example, you will learn how to write CodeQL and how you could have found this vulnerability yourself.
Perhaps, by the end of this session, you will be inspired to do your own security research and find vulnerabilities yourself?

Note: bring your laptop to follow along with the workshop. You will need a GitHub account for the workshop. You can also install VS Code, but it's not required.

All attendees who complete the workshop and run all the associated CodeQL queries will be entered into a lottery to win a GitHub Timbuk2 backpack.

About the speaker
Sylwia Budzynska is a security researcher at GitHub Security Lab, where she finds and discloses vulnerabilities in open source software. She has found 50+ CVEs. Most of her advisories are published on GitHub Security Lab's website, together with other great researchers from GitHub. Check them out at securitylab.github.com/advisories.

Location
This meetup will be at:
Incuba Katrinebjerg 18th floor
Åbogade 15
8200 Aarhus N.

When you arrive, comment on the Meetup event page, and someone will open the door for you.

Thanks to Microsoft for helping with the venue!

CoderGirls Aarhus