diff --git a/change-notes/2020-08-18-oauth2.md b/change-notes/2020-08-18-oauth2.md
new file mode 100644
index 00000000000..aa4b566a3f0
--- /dev/null
+++ b/change-notes/2020-08-18-oauth2.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* The query "Use of constant `state` value in OAuth 2.0 URL" (`go/constant-oauth2-state`) has been promoted from experimental status. This checks for use of a constant state value in generating an OAuth2 redirect URL, which may open the way for a CSRF attack.
diff --git a/ql/src/experimental/CWE-352/ConstantOauth2State.qhelp b/ql/src/Security/CWE-352/ConstantOauth2State.qhelp
similarity index 100%
rename from ql/src/experimental/CWE-352/ConstantOauth2State.qhelp
rename to ql/src/Security/CWE-352/ConstantOauth2State.qhelp
diff --git a/ql/src/experimental/CWE-352/ConstantOauth2State.ql b/ql/src/Security/CWE-352/ConstantOauth2State.ql
similarity index 100%
rename from ql/src/experimental/CWE-352/ConstantOauth2State.ql
rename to ql/src/Security/CWE-352/ConstantOauth2State.ql
diff --git a/ql/src/experimental/CWE-352/ConstantOauth2StateBad.go b/ql/src/Security/CWE-352/ConstantOauth2StateBad.go
similarity index 100%
rename from ql/src/experimental/CWE-352/ConstantOauth2StateBad.go
rename to ql/src/Security/CWE-352/ConstantOauth2StateBad.go
diff --git a/ql/src/experimental/CWE-352/ConstantOauth2StateBetter.go b/ql/src/Security/CWE-352/ConstantOauth2StateBetter.go
similarity index 100%
rename from ql/src/experimental/CWE-352/ConstantOauth2StateBetter.go
rename to ql/src/Security/CWE-352/ConstantOauth2StateBetter.go
diff --git a/ql/test/experimental/CWE-352/ConstantOauth2State.qlref b/ql/test/experimental/CWE-352/ConstantOauth2State.qlref
deleted file mode 100644
index 82c080c7754..00000000000
--- a/ql/test/experimental/CWE-352/ConstantOauth2State.qlref
+++ /dev/null
@@ -1 +0,0 @@
-experimental/CWE-352/ConstantOauth2State.ql
diff --git a/ql/test/experimental/CWE-352/ConstantOauth2State.expected b/ql/test/query-tests/Security/CWE-352/ConstantOauth2State.expected
similarity index 100%
rename from ql/test/experimental/CWE-352/ConstantOauth2State.expected
rename to ql/test/query-tests/Security/CWE-352/ConstantOauth2State.expected
diff --git a/ql/test/experimental/CWE-352/ConstantOauth2State.go b/ql/test/query-tests/Security/CWE-352/ConstantOauth2State.go
similarity index 100%
rename from ql/test/experimental/CWE-352/ConstantOauth2State.go
rename to ql/test/query-tests/Security/CWE-352/ConstantOauth2State.go
diff --git a/ql/test/query-tests/Security/CWE-352/ConstantOauth2State.qlref b/ql/test/query-tests/Security/CWE-352/ConstantOauth2State.qlref
new file mode 100644
index 00000000000..7898f39d415
--- /dev/null
+++ b/ql/test/query-tests/Security/CWE-352/ConstantOauth2State.qlref
@@ -0,0 +1 @@
+Security/CWE-352/ConstantOauth2State.ql
diff --git a/ql/test/experimental/CWE-352/go.mod b/ql/test/query-tests/Security/CWE-352/go.mod
similarity index 100%
rename from ql/test/experimental/CWE-352/go.mod
rename to ql/test/query-tests/Security/CWE-352/go.mod
diff --git a/ql/test/experimental/CWE-352/vendor/golang.org/x/oauth2/LICENSE b/ql/test/query-tests/Security/CWE-352/vendor/golang.org/x/oauth2/LICENSE
similarity index 100%
rename from ql/test/experimental/CWE-352/vendor/golang.org/x/oauth2/LICENSE
rename to ql/test/query-tests/Security/CWE-352/vendor/golang.org/x/oauth2/LICENSE
diff --git a/ql/test/experimental/CWE-352/vendor/golang.org/x/oauth2/stub.go b/ql/test/query-tests/Security/CWE-352/vendor/golang.org/x/oauth2/stub.go
similarity index 100%
rename from ql/test/experimental/CWE-352/vendor/golang.org/x/oauth2/stub.go
rename to ql/test/query-tests/Security/CWE-352/vendor/golang.org/x/oauth2/stub.go
diff --git a/ql/test/experimental/CWE-352/vendor/modules.txt b/ql/test/query-tests/Security/CWE-352/vendor/modules.txt
similarity index 100%
rename from ql/test/experimental/CWE-352/vendor/modules.txt
rename to ql/test/query-tests/Security/CWE-352/vendor/modules.txt