Index
- Pre Knowledge
- Static program analysis
- Compilation Principles
- Static Application Security Testing(SAST)
- Static program analysis
- Related tool
Video tutorials
- Program Analysis (Winter 2021) https://www.bilibili.com/video/BV1aL4y167vY
- Nanjing University, "Software Analysis" https://www.bilibili.com/video/BV1b7411K7P4
Related articles
Video tutorials
Related GitHub
- https://github.com/KpLi0rn/LearnCompiler
- https://github.com/RichardGong/PlayWithCompiler
- https://github.com/RichardGong/CompilersInPractice
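Related articles
- A Beginner's Guide to Compiler Principles https://mp.weixin.qq.com/s/ZTxVG6KG-4vzbvclC_Q1LQ
- Fundamentals | Java Just-in-Time Compiler: Principles and Practice https://mp.weixin.qq.com/s/7PH8o1tbjLsM4-nOnjbwLw
- Java Compilation Principles (javac) https://mp.weixin.qq.com/s/0KaYN30yn-EaMpmlG6RV_w
- An In-Depth Study of Java Dynamic Compilation Principles https://mp.weixin.qq.com/s/QmyNwHQ1Vm2N-QDc8GqyAg
- An In-Depth Analysis of Java Compilation Principles https://mp.weixin.qq.com/s/nS7HbYsEPFoZBaBi2Y3r0Q
- An In-Depth Analysis of Javac Compilation Principles https://juejin.cn/post/6844903680798359566
- Javac Source Code Analysis http://47.100.139.123/blog/article/26
- An Analysis of How Javac Works http://47.100.139.123/blog/article/25
Related articles
- 58 Group White-Box Code Audit System Construction in Practice, Part 1: Technology Selection https://www.anquanke.com/post/id/235226
- 58 Group White-Box Code Audit System Construction in Practice, Part 2: Understanding SAST in Depth https://www.anquanke.com/post/id/237801
Video tutorials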
- Github
- CodeQL Live Episode 1
- LiveQL Episode 2 - The Rhino in the room.
- Community-powered security analysis with CodeQL - GitHub Universe 2020
- Finding security vulnerabilities in JavaScript with CodeQL - GitHub Satellite 2020
- Finding security vulnerabilities in Java with CodeQL - GitHub Satellite 2020
- Security: Workshop 2 - Finding security vulnerabilities in C/C++ with CodeQL
- Workshop: Finding security vulnerabilities in Java with CodeQL: All roads lead to RCE
- Other
- CodeQL as an Audit Oracle (workshop) by Alvaro Muñoz during HacktivityCon 2021
- h@cktivitycon 2020: Discover vulnerabilities with CodeQL
- Securing your code with CodeQL with Sasha Rosenbaum! - OWASP DevSlop
- $3,000 CodeQL query for finding LDAP Injection - Github Security Lab - Hackerone
- CodeQL-youtube
- Variant analysis to find SQL injection using CodeQL - CVE-2019-6986
- Discover vulnerabilities with CodeQL by: Boik Su (@boik_su)
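Introductory articles
- CodeQL query help for Java
- CodeQL: From Getting Started to Giving Up
- Learn Codeql With L4yn3
- Bug Hunting with Codeql?
- Mining an SQL Injection Vulnerability Using CodeQL (based on the java-sec-code project)
- First Steps with CodeQL
- Analyzing Closed-Source Java Programs with CodeQL
- CodeQL Study Notes
- Introduction to CodeQL
- Introduction to CodeQL 2
- CodeQL Notes
- Introduction to Codeql
- Study Notes on the Code Analysis Platform CodeQL (series)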
- https://lingze.xyz/pages/1948eb/
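- Learning codeql: Taint Analysis
- CodeQL Quick Start
- CodeQL Study Notes - by fynch3r
- CodeQL Data Flow Through the Lens of a Java Deserialization Vulnerability Challenge
- Finding Java Deserialization Vulnerabilities with CodeQL
- Analyzing Vulnerability-GoApp with Codeql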
- https://blog.ycdxsb.cn/categories/research/codeql/
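- codeql Study Notes 1
- codeql Study Notes 2
- Practical Introduction to CodeQL
- Notes on Getting Started with CodeQL
- Writing Test Files for Custom CodeQL Rules
- CodeQL Quick Start
- Detecting Sensitive Information Returned by SpringBoot Applications with CodeQL
- codeql Beginner's Guide
- White-Box Auditing: CodeQL
- Several QL Exercises from the Official CodeQL Tutorials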
- https://codeql.github.com/docs/writing-codeql-queries/ql-tutorials/#ql-tutorials
- Trying Out CodeQL
- Introduction to Codeql
- Introduction to Codeql: the java-sec-code project
- Using CodeQL
- https://www.cnblogs.com/goodhacker/p
Real-world cases (based on CVE vulnerabilities)
- Learning CodeQL in Depth by security_lab
- Using CodeQL to detect client-side vulnerabilities in web applications
- Deep-in-codeql
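- CodeQL from 0 to 1 (with a Shiro detection demo)
- Learning CodeQL and Attempting Vulnerability Discovery
- Vulnerability Discovery with CodeQL in Practice
- CodeQL: "Query" Your Next Vulnerability
- An Account from the Original Author of the S2-057 Vulnerability: How to Use Automated Tools to Find 5 RCEs
- Hunting for Bugs in ofcms with codeql
- Thoughts on Several CodeQL Questions and a Detailed Audit of CVE-2019-3560
- How I Used codeql to Find CVE-2021-31856 Meshery-sqli
- Finding CVE-2020-9297 with CodeQL
- How to Reproduce the apache kylin Command Execution Vulnerability with CodeQL Data Flow
- Finding fastjson Exploit Chains with codeql
- Finding fastjson jndi Chains with CodeQL Taint Analysis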
- CodeQL with CVE-2021-2471
- Variant analysis to find SQL injection using CodeQL - CVE-2019-6986
- Hunting for XSS with CodeQL
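- How to Reproduce the apache kylin Command Execution Vulnerability with CodeQL Data Flow
- Analyzing Hadoop with CODEQL Data Flow
- Vulnerability Highlights | A Retrospective on Using the codeql 'Power Tool' to Find Ognl Vulnerabilities
- Finding XSS in React Applications with CodeQL in Practice
- How I Used codeql to Discover the CVE-2021-31856 Meshery SQL Injection
- Analyzing and Finding Log4j Vulnerabilities with CodeQL
- Analysis and Reproduction of Multiple NSA emissary Vulnerabilities, with CodeQL in Practice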
- Use CodeQL to Find CVE-2020-9297
Related GitHub
- https://github.com/github/securitylab
- https://github.com/advanced-security/codeql-queries
- https://github.com/safe6Sec/CodeqlNote
- https://github.com/github/securitylab/tree/main/CodeQL_Queries
- https://github.com/SummerSec/learning-codeql
- https://github.com/SummerSec/LookupInterface
- https://github.com/githubsatelliteworkshops/codeql
- https://github.com/iflody/codeql-workshop CodeQL Workshop: Find bug in apache struts 2
- https://github.com/haby0/mark
- https://github.com/Semmle/SecurityQueries
- https://github.com/cldrn/codeql-queries
- https://github.com/hac425xxx/codeql-snippets
- https://github.com/msrkp/codeql_for_gadgets
- https://github.com/twosmi1e/Static-Analysis-and-Automated-Code-Audit
- https://github.com/ice-doom/codeql_compile
- https://github.com/Firebasky/CodeqlLearn
Introductory articles
- Notes on Using Soot https://www.cnblogs.com/xine/p/14511818.html
- Generating Program Flow Graphs and IR Files with soot https://www.jianshu.com/p/7444be64d5c9
- http://pkuduo.cn/blog/2018/05/08/SOOT/
- Installing and Using Soot https://www.cnblogs.com/crossain/p/12813643.html
- Reading Notes | The Soot framework for Java program analysis: a retrospective https://blog.csdn.net/cat_xing/article/details/115049644
- An Analysis of the FlowDroid Architecture https://blog.csdn.net/qq_37206105/article/details/119334544
Related GitHub
- https://github.com/PL-Ninja/MySootScript
- https://github.com/noidsirius/SootTutorial
Real-world cases
- Instrumenting APKs with Soot in Practice https://www.cnblogs.com/xine/p/14533697.html
Related articles