Discover vulnerabilities with CodeQL

About the Speaker

Boik Su is currently in CyCraft as a security researcher focusing on web security and threat hunting. He has received some awards from CTFs, been the speaker at various security conferences like ROOTCON 13, OWASP Global AppSec - DC, AVTokyo, NanoSec, and others like OSCON and Taiwan Modern Web. He is also the lecturer at HITCON Training and National Center for Cyber Security Technology in Taiwan.


This talks is an introduction to CodeQL and its practical functionality. In this talk, Boik will showcase some vulnerabilities that he has found through utilizing CodeQL’s powerful static and taint analysis. There’s even one flaw that could lead to RCE! Consequently, the audience will understand the concepts of static analysis, taint analysis, data flow analysis, and so on after the talk.