Semmle Blog

PII data leaks: Identifying personal information in logs with QL

In this video, you’ll learn how to use Semmle QL to find sensitive or personally identifying information (PII) that gets written to log files.

September 16, 2019

Quest for an Exploit using QL

Semmle security researcher Kevin Backhouse explains how he used QL to find an exploitation path for a bug that he had discovered in Apple's ICMP packet-handling code.

September 13, 2019

Finding Insecure Deserialization in Java

Our security research team discovered insecure deserialization in Java, specifically in an Apache Struts vulnerability. In this tutorial, learn how you can find java deserialization vulnerabilities using Semmle QL.

September 12, 2019

Using QL snapshots for analysis of large open source projects

September 12, 2019

Finding integer overflows in libssh2

September 10, 2019

Python Security: How to find and fix issues with QL

September 10, 2019

In-memory data grid applications: Finding common Java deserialization vulnerabilities with QL

September 05, 2019

How to motivate developers to care about code quality

August 29, 2019

Angry developers: How code quality is affected by negative emotions

August 22, 2019

Black Hat 2019 Recap: CTF challenge, U-Boot and more

Black Hat is always one of the most interesting conferences of the year. Read our Black Hat 2019 recap to hear the takeaway messages from the Semmle team.

August 22, 2019

VLC vulnerabilities discovered by the Semmle security research team

Semmle’s security research team discovers 11 bugs in VLC, the popular media player. The VLC vulnerability CVE-2019-14438 could potentially allow an attacker to take control of the user’s computer.

August 19, 2019