Skip to content

Commit ba5d79e

Browse files
author
AxisX
authored
Update README.md
1 parent 6765d38 commit ba5d79e

1 file changed

Lines changed: 60 additions & 1 deletion

File tree

README.md

Lines changed: 60 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1,60 @@
1-
# Codeql-In-Java-Security
1+
# Codeql-In-Java-Security
2+
3+
### (1)Products
4+
#### Dubbo
5+
https://securitylab.github.com/research/apache-dubbo/
6+
7+
#### Emissary
8+
https://securitylab.github.com/research/NSA-emissary/
9+
10+
#### Rhino
11+
https://securitylab.github.com/research/rhino-in-the-room/
12+
13+
#### Apache Geode
14+
https://securitylab.github.com/research/in-memory-data-grid-vulnerabilities/
15+
16+
#### Struts2
17+
https://securitylab.github.com/research/apache-struts-double-evaluation/
18+
https://securitylab.github.com/research/apache-struts-CVE-2018-11776/
19+
https://securitylab.github.com/research/apache-struts-vulnerability-cve-2017-9805/
20+
https://github.com/githubsatelliteworkshops/codeql/blob/master/java.md
21+
https://help.semmle.com/QL/ql-training/java/apache-struts-java.html#1
22+
23+
#### Spring
24+
https://securitylab.github.com/research/spring-data-rest-CVE-2017-8046-ql/
25+
https://securitylab.github.com/research/spring_amqp_exploit_CVE-2017-8045/
26+
https://blog.gypsyengineer.com/en/security/detecting-dangerous-spring-exporters-with-codeql.html
27+
https://infosecwriteups.com/analyzing-cve-2022-22980-to-discover-a-real-exploitable-path-in-the-source-code-review-process-with-145d97717656
28+
29+
#### Hessian
30+
https://securitylab.github.com/research/hessian-java-deserialization-castor-vulnerabilities/
31+
32+
#### Swagger
33+
https://securitylab.github.com/research/swagger-yaml-parser-vulnerability/
34+
35+
### (2)Types of Vulnerabilities
36+
#### RMI
37+
https://blog.gypsyengineer.com/en/security/detecting-dangerous-rmi-objects-with-codeql.html
38+
39+
#### XSS
40+
https://medium.com/codex/hunting-for-xss-with-codeql-57f70763b938
41+
42+
#### JWT
43+
https://intrigus.org/research/2021/08/05/finding-insecure-jwt-signature-validation-with-codeql/
44+
45+
#### Deserialization
46+
https://securitylab.github.com/research/insecure-deserialization/
47+
https://www.synacktiv.com/publications/finding-gadgets-like-its-2022.html
48+
49+
#### LDAP
50+
https://www.youtube.com/watch?v=qStzSfsEQGQ
51+
52+
#### Timing Attacks
53+
https://betterprogramming.pub/how-to-find-and-fix-timing-attacks-in-your-java-code-11291a4f7cd
54+
55+
56+
### (3)Static Analysis Paper
57+
https://www.usenix.org/legacy/event/sec05/tech/full_papers/livshits/livshits.pdf
58+
https://hitcon.org/2020/slides/Discover%20vulnerabilities%20with%20CodeQL.pdf
59+
60+

0 commit comments

Comments
 (0)