Semmle Blog

Java HashSet: Setting in-house coding style with QL

An overview of how you can use custom QL queries to highlight uses of Java's HashSet and prompt the developer to use LinkedHashSet instead.

October 17, 2019

Another libssh2 integer overflow (CVE-2019-17498)

Semmle researcher Kevin Backhouse describes a new integer overflow vulnerability in libssh2 and explains the benefits of using variant analysis with QL when reporting a vulnerability.

October 16, 2019

Abstract classes for extensible queries

An overview of how abstract classes can be used to make queries easily customizable.

October 04, 2019

QL training slides

October 03, 2019

Golang support on LGTM - now in beta

October 01, 2019

Announcing the CTF winners

September 25, 2019

Securing software together: GitHub + Semmle

September 18, 2019

Bridging the gap between developers and security teams

September 17, 2019

PII data leaks: Identifying personal information in logs with QL

September 16, 2019

Quest for an Exploit using QL

Semmle security researcher Kevin Backhouse explains how he used QL to find an exploitation path for a bug that he had discovered in Apple's ICMP packet-handling code.

September 13, 2019

Finding Insecure Deserialization in Java

Our security research team discovered insecure deserialization in Java, specifically in an Apache Struts vulnerability. In this tutorial, learn how you can find java deserialization vulnerabilities using Semmle QL.

September 12, 2019