Extensions of the CodeQL vulnerability search tool by TELECOM Nancy students

Second-year students searched for new bugs and vulnerabilities using the CodeQL tool, as part of their PIDR (Initiation and Research Discovery Project), in collaboration with the company Catena Cyber.

CodeQL is an open-source tool developed by the GitHub Security Lab that analyzes large volumes of code to identify flaws. A flaw is a weakness in a computer system that an attacker can exploit to undermine the integrity of that system. The students proposed three extensions to the tool, which were validated and integrated by the creators of CodeQL.

These extensions notably made it possible to find a bug affecting more than 15 open-source projects out of the 414 projects tested, including the Suricata project (an intrusion detection system).

Cybersecurity at TELECOM Nancy

TELECOM Nancy trains engineers in computer science and digital sciences over three years and offers a specialization in cyber-security entitled "Internet Systems and Security".

The school is a member of the CONCORDIA European consortium of excellence in cyber-security and of the European cyber-security skills alliance Erasmus+ REWIRE, and participates in the cyber-reservist center in collaboration with the Ministry of the Armed Forces.

Equipped with state-of-the-art technology, including a professional cyber-range, and supported by the expertise of its teacher-researchers and its partner companies, TELECOM Nancy now offers a cyber-security training program that is unique in the Grand Est and responds to a critical need: the global shortage of cybersecurity experts.
