Analyzer Development

Overview

The Analyzer Development Squad is the core team at CodeThreat, focusing on developing and enhancing our primary analysis tools. This squad is responsible for ensuring the accuracy, efficiency, and effectiveness of CodeThreat's ShiftQL, Legacy On-Demand Scanner, and other third-party scanners.

Expertise

Members of the Analyzer Development Squad are expected to have a strong background in compiler design, LLVM, language syntax, AST (Abstract Syntax Tree), symbolic execution, semantic analysis, dataflow analysis, and various program analysis methods. An interest in these areas is crucial for contributing effectively to the team's objectives.

Responsibilities

• ShiftQL Development: Enhance and maintain CodeThreat's ShiftQL, a custom query language designed for security analysis.

• Legacy Scanner Maintenance: Develop and maintain the legacy CodeThreat On-Demand Scanner, ensuring it remains robust and up-to-date.

• Third-Party Scanners: Integrate and improve third-party scanning tools, ensuring they meet CodeThreat's high standards of accuracy and reliability.

• Common Intermediate Representation (CIR): Develop and optimize the CIR model used across all analysis tools, facilitating consistent and accurate results.

• Language Plugins: Create and refine plugins for various programming languages, enabling comprehensive analysis across diverse codebases.

• Taint Analysis: Develop and enhance decision-making algorithms within the taint analysis model to accurately track the flow of potentially harmful data through applications.

Technology Stack

The scanner tools developed by the Analyzer Development Squad are primarily Command Line Interface (CLI) applications. Proficiency in Python or .NET Core is essential for the development and maintenance of these scanners.

Collaboration and Workflow

The Analyzer Development Squad collaborates closely with the AppSec Research Squad to identify gaps in the analysis tools and complete rule sets using ShiftQL or the Legacy On-Demand Scanner. The squad also works with the Product Squad to integrate feedback based on user interactions and ensure that the tools meet user needs.