CodeQL Query Writing Training
Overview
One of the most compelling aspects of CodeQL is its extensibility. Rather than being limited to a set of out-of-the-box functions, users can add new functionality by authoring new queries in a powerful and comprehensive programming language called QL. The ability to author new CodeQL queries has a number of advantages, such as being able to find new security vulnerabilities and to model new frameworks and codebases for higher-fidelity query results.
To support effective use of CodeQL, this engagement offers a systematic approach to learning CodeQL through a structured set of 2-hour courses on topics relevant to new and experienced CodeQL authors. It offers introductory, intermediate, and advanced courses in the following areas:
- QL Core: teaches the QL language fundamentals.
- Language Dependent Features: teaches the specific details of using CodeQL (and the standard library) for a given programming language.
- CodeQL Tooling, Infrastructure, and Practice: covers a variety of topics in using the non-query-related aspects of CodeQL in deployment and command-line scenarios.
- CodeQL Explorations and Projects: covers advanced topics in CodeQL as well as custom-designed projects such as capture-the-flag exercises.
Target Audience
- Security Researchers
- Application Security Teams
- Software Engineering Technical Leads
Key Features and Benefits
- A guided interactive training with a CodeQL expert to gain a deeper understanding of CodeQL.
- Gain proficiency in the topics covered.
- Learn reusable patterns for query development for similar problems.
- Receive example CodeQL databases, queries and learning material for continuing your learning after the session.
Syllabus
Each course will be delivered as a 2-hour interactive remote session. An engagement will typically consist of multiple courses delivered as part of a “learning path” tailored towards your goals.
Learning/Business Outcomes
- Enhanced understanding of CodeQL topics covered by the selected training modules.
- Participants will be able to apply the patterns and approaches covered in the session to similar problems.
Prerequisites
- A CodeQL Analysis Engineer has discussed your training goals and has ensured that the courses are available for the topics you want to learn about.
- A CodeQL Analysis Engineer has made a recommendation for a learning path.
How can we help?
Let's build a customized solution that meets all of your needs.