In this course, we will use CodeQL to analyze the source code of Bootstrap and find unsafe calls to jQuery that could lead to cross-site scripting (XSS) attacks.
Quickly learn CodeQL, an expressive language for code analysis, which helps you explore source code to find bugs and vulnerabilities. During this beginner-accessible course, you will learn to write queries in CodeQL and find critical security vulnerabilities that were identified in Bootstrap, a popular open-source project.
Upon completion of the course, you'll be able to write CodeQL queries that find this class of vulnerability. You will walk in the steps of our security researchers, and create, step by step:

1. Know where to find documentation and help, install CodeQL, and set up your IDE.
2. Finding all calls to the jQuery $ function
3. Finding the first argument of all calls to the $ function
4. The CodeQL JavaScript library provides a jquery predicate
5. Finding jQuery property reads
6. Using local data flow analysis to find jQuery plugins
7. Using local data flow analysis to find jQuery plugin options
8. Detecting untrusted data flow sources
9. Using global data flow analysis: finalizing the taint tracking query
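As an added example of where the steps above lead (this is not the course's own solution, and it is not code from the Bootstrap project), here is a complete query that combines them: it locates functions installed as jQuery plugins with local data flow (`jquery().getAPropertyRead("fn").getAPropertyWrite()`), treats the plugin's options parameter as an untrusted source, and uses global taint tracking to check whether those options reach the first argument of a `$()` call, which jQuery interprets as HTML when it starts with `<`. The class and module names are chosen here for illustration. The example uses the current module-based `DataFlow::ConfigSig` / `TaintTracking::Global` API; the course material predates it and uses the older `TaintTracking::Configuration` class, but the sources, sinks and library predicates are the same.

```ql
/**
 * @name Unsafe jQuery plugin options flowing into $()
 * @description A jQuery plugin's options reach the first argument of a
 *              jQuery $ call, which interprets strings as HTML.
 * @kind path-problem
 * @problem.severity warning
 * @id js/example-unsafe-jquery-plugin-options
 */

import javascript

/**
 * A function installed as a jQuery plugin, i.e. the right-hand side of
 * `$.fn.<name> = ...`. `jquery()` is the library predicate for the jQuery
 * object; the property read of `fn` followed by a property write on it is
 * the `$.fn.<name> =` pattern, and `getALocalSource()` follows local data
 * flow from the assigned value back to the function it came from.
 * (Class name chosen for this example.)
 */
class JQueryPlugin extends DataFlow::FunctionNode {
  JQueryPlugin() {
    this = jquery().getAPropertyRead("fn").getAPropertyWrite().getRhs().getALocalSource()
  }
}

/**
 * The options parameter of a jQuery plugin. This example assumes the options
 * object is the last parameter, which is how Bootstrap's plugin interfaces
 * take their config; other plugin styles may differ.
 */
class JQueryPluginOptions extends DataFlow::ParameterNode {
  JQueryPluginOptions() { exists(JQueryPlugin plugin | this = plugin.getLastParameter()) }
}

/**
 * Taint configuration: plugin options are the untrusted sources, and the
 * first argument of any call to the jQuery `$` function is the sink.
 * Note that `$(x)` is deliberately treated as a sink for every `x`; the
 * results therefore need a manual check that the value can actually be a
 * string under the caller's control.
 */
module UnsafeJQueryPluginConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source instanceof JQueryPluginOptions }

  predicate isSink(DataFlow::Node sink) { sink = jquery().getACall().getArgument(0) }
}

module UnsafeJQueryPluginFlow = TaintTracking::Global<UnsafeJQueryPluginConfig>;

import UnsafeJQueryPluginFlow::PathGraph

from UnsafeJQueryPluginFlow::PathNode source, UnsafeJQueryPluginFlow::PathNode sink
where UnsafeJQueryPluginFlow::flowPath(source, sink)
select sink.getNode(), source, sink,
  "Potential XSS: a jQuery plugin option reaches the first argument of a $ call."
```

To run it, build a CodeQL database for a Bootstrap checkout (`codeql database create --language=javascript ...`) and execute the query against it from the CodeQL extension or with `codeql database analyze`; the `path-problem` kind makes the results show the full flow path from the options parameter to the `$()` call rather than only the sink. The same pattern, with a more precise sink that only matches values that can contain `<`, is what the standard library query `js/unsafe-jquery-plugin` implements.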
Duration: 1069 minutes
All public courses on Learning Lab are free.