githubsatelliteworkshops / codeql
GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript.
☆206, updated 9 months ago
Related projects:
- My CodeQL queries collection (☆93, updated last year)
- Prepackaged and precompiled github codeql container for rapid analysis, deployment and development. (☆102, updated 9 months ago)
- When MVC magic turns black (☆279, updated 4 years ago)
- A static byte code analyzer for Java deserialization gadget research (☆242, updated 7 years ago)
- Collection of community-driven CodeQL query, library and extension packs (☆64, updated 3 weeks ago)
- [Deprecated] GitHub's Field Team's CodeQL Custom Queries, Suites, and Configurations. See GitHubSecurityLab/CodeQL-Community-Packs instea… (☆80, updated 4 months ago)
- Starter workspace to use with the CodeQL extension for Visual Studio Code. (☆480, updated last week)
- Use HTTP Smuggling Lab to learn HTTP Smuggling. (☆343, updated last year)
- Compiled dataset of Java deserialization CVEs (☆60, updated 4 years ago)
- CodeQL workshops for GitHub Universe (☆91, updated last year)
- Finding Java gadget chains with CodeQL (☆158, updated last month)
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas… (☆138, updated 6 months ago)
- Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and FreeMarker engines. (☆119, updated last year)
- An example repository that demonstrates how to build custom CodeQL bundles that include query customizations through the `Customizations… (☆25, updated 2 years ago)
- Personal CodeQL queries (☆58, updated this week)
- Grammar-based HTTP/2 fuzzer with mutation ability (☆40, updated 2 years ago)
- Grammar-based HTTP/1 fuzzer with mutation ability (☆240, updated 3 months ago)
- Deprecated: Please visit https://github.com/github/codeql instead. (☆81, updated 2 years ago)
- Generic SAST Library (☆123, updated 2 months ago)
- Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019" (☆99, updated 4 years ago)
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths. (☆581, updated 3 years ago)
- Vulnerable Java based Web Application (☆255, updated 3 months ago)
- Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js (☆52, updated 7 months ago)
- Java deserialization exploitation lab. (☆234, updated 5 years ago)
- GreHack 2021 CodeQL for Java workshop (☆74, updated 2 years ago)
- JWT Support for Burp (☆241, updated last month)
- Lab for exploring SSRF vulnerabilities (☆245, updated 3 years ago)
- MOGWAI LABS JMX exploitation toolkit (☆196, updated last year)