Sylwia Budzynska
Sylwia is a security researcher at GitHub Security Lab, where she works on finding vulnerabilities in open source software. See her advisories, as well as those of other Security Lab researchers, at securitylab.github.com/advisories.
In her free time, she enjoys Magic: The Gathering and other TCGs, reading, and playing JRPGs.
Session
It is a truth universally acknowledged that finding and reporting vulnerabilities in software can be a daunting task. Less well known is that there are tools and techniques that can assist on this journey.
CodeQL is a static analysis tool that can be used to automatically scan your applications for vulnerabilities and to assist with manual code review. We can use it to find vulnerabilities in software at scale, across thousands of projects at once.
Join me in this beginner-friendly primer on finding vulnerabilities in software with CodeQL. Perhaps, by the end of this session, you will be inspired and know how to find your own.