- 2026-07-14, Conference Hall Complex B (S4B)
All times are Poland time.

This tutorial introduces the fundamentals of security research and of CodeQL as a tool for finding security vulnerabilities in software. We'll share how to look for vulnerabilities in code and how to use static analysis to locate sources, sinks and the vulnerabilities that connect them. Using CVE-2024-32022, a vulnerability the speaker found in an open source project, as a running example, we will walk through how to detect it manually by reading the code, learn how to write CodeQL, and by the end write a CodeQL query that finds this vulnerability and its variants.
Sylwia ‘BlazingWind’ Budzynska is a security researcher at GitHub Security Lab, where she hunts for vulnerabilities in open source software, specializing in Python and at-scale static analysis tooling. She has found 80+ CVEs and spoken at a number of conferences and events, including The Hack Summit Warsaw, OrangeCon Amsterdam, CoderGirls Aarhus, 0-day Aarhus and others.
Most of her research is available on https://github.blog/author/sylwiabudzynska/ and most of her advisories on https://securitylab.github.com/advisories/.
In her free time, Sylwia enjoys dance classes, reading fantasy, hiking and gaming.