61 Photos and videos
Big news! Semmle is joining the @Github team to bring community-powered security analysis to millions of developers. Learn more from Semmle CEO @oegerikus here: hubs.ly/H0kQZ2y0
4
60
154
Semmle retweeted
2 Dec 2019
ICYMI: We're running a CTF until December 31st. Write a CodeQL query to find a specific class of DOM-based XSS vulns. The 2 best submissions will win Nintendo Switches, and 10 additional entries will receive coupons that can be used for GitHub Swag.
securitylab.github.com/ctf/j…
1
18
56
Semmle retweeted
25 Nov 2019
We've just launched a new slack workspace for anyone interested in being part of the mission to secure the open source software we all depend on. ghsecuritylab.slack.com/
If you'd like to receive an invitation to join the workspace, send us a DM with your email address.
1
22
45
Semmle retweeted
17 Nov 2019
Yesterday we had our first GitHub Security Meetup, with ligthning talks by @kevin_backhouse @Nosoynadiemas @agustingianni and Abishek Arya (Google). But also with exciting discussions with security folks. Thanks to all attendees and others: stay tuned for the next one in January.
16 Nov 2019
.@kevin_backhouse walking us through the process of refining a query to find vulnerabilities
4
12
Semmle retweeted
15 Nov 2019
Learn how our security researcher @nicowaisman found wireless vulnerabilities in the Linux Kernel, and variants, thanks to CodeQL: securitylab.github.com/resea…
9
30
Semmle retweeted
15 Nov 2019
Want to challenge your vulnerability hunting skills? Try our latest Capture The Flag and discover XSS-unsafe jQuery plugins: securitylab.github.com/ctf/j…
1
26
57
Semmle retweeted
14 Nov 2019
Check out the GitHub Security Lab bounty program! securitylab.github.com/bount…. Write a query, find bugs, get rewarded.
11
19
Welcome to the GitHub Security Lab @GHSecurityLab! Join us and contribute to secure the world's code! Visit securitylab.github.com
4
Want to learn more about QL and how you can use it to find variants of vulnerabilities in your code? Join us for our Semmle User Group this Wednesday night at Mozilla. See the event details for more information.
meetup.com/Semmle-San-Franci…
2
4
Semmle security researcher @kevin_backhouse discloses another integer overflow vulnerability in libssh2, which could potentially lead to information disclosure blog.semmle.com/libssh2-inte…
6
9
Wondering how @fjserna found 13 CVEs in U-boot? Watch his #BlackHat presentation "Using One Exploitable Zero-Day to Eradicate an Entire Class of Vulnerabilities" on-demand: hubs.ly/H0l0c_V0
1
7
Is your code VUCA (Volatile, Uncertain, Complex, Ambiguous)? Let's see how the OODA Loops theory inspires our code review practices. hubs.ly/H0l0c_y0
2
Semmle retweeted
3 Oct 2019
Join us today for some @Semmle fun and examples of finding vulnerabilities! Let's democratize security
Imagine if your dev team could have automated code review powered by security expertise? Tomorrow, join @oegerikus and @fjserna to see how community-powered security can become a part of the developer’s workflow. hubs.ly/H0l092P0
3
7
In this video, @kevin_backhouse discusses the libssh2 integer overflows and out-of-bounds read he recently discovered. See how it can be triggered by connecting to a malicious ssh server hubs.ly/H0l094z0
5
Imagine if your dev team could have automated code review powered by security expertise? Tomorrow, join @oegerikus and @fjserna to see how community-powered security can become a part of the developer’s workflow. hubs.ly/H0l092P0
Semmle retweeted
30 Sep 2019
Thanks for everyone that attend my QL workshop at #Ekoparty!
Here is some of the material covered during the workshop:
github.com/nicowaisman/QLWor…
1
21
63
Are unit tests really effective in preventing bugs? We analyzed over 50k LGTM projects in Java, Python, and Javascript to find out. hubs.ly/H0l17-D0
1
Now in beta! LGTM is supporting Golang and we have some projects that you can explore. Check them out and suggest others you'd like us to analyze. hubs.ly/H0l167w0
5
10
.@mmolgtm takes a deep dive into past Android #deserialization vulnerabilities that exploited C pointers wrapped inside Java objects. hubs.ly/H0k_Nrz0
11
20
Semmle retweeted
26 Sep 2019
Un honor tener a @nicowaisman en la eko, esta vez con su workshop "Cazando bugs con redes de pesca". Aprendimos cómo modelar bugs para encontrar vulnerabilidades 🎣
.
Such an honor to have @nicowaisman at ekoparty, this time with his workshop "Hunting bugs with fishing nets" 🎣
1
5
24
Imagine if your dev team could have automated code review powered by security expertise? Join @oegerikus and @fjserna as they share their vision for community-powered secure development: hubs.ly/H0kZ9290
1