From the course: Application Security Testing and Debugging
CodeQL and advanced static analysis
Welcome to this video on CodeQL and Advanced Static Analysis. Traditional static analysis tools can only find vulnerabilities that someone already thought to look for: they match syntactic patterns, so they miss novel attack vectors, complex business-logic flows, and organization-specific security requirements. In this video, we'll compare traditional pattern-based analysis with CodeQL's semantic approach, demonstrate CodeQL database extraction and query execution, configure automated CodeQL workflows in GitHub Actions, and apply scheduling strategies for continuous security scanning. By the end of this video, you will be able to analyze the differences between pattern matching and semantic code analysis, configure CodeQL workflows with GitHub Actions integration, implement scheduled security scans using cron expressions, and evaluate CodeQL analysis results for security vulnerabilities. Let's start by examining what makes CodeQL fundamentally different from traditional static analysis approaches. Here's the fundamental…