
# AppSec Research

#### Responsibilities

The primary responsibilities include testing CodeThreat's program analysis principles, discovering new vulnerabilities, identifying weaknesses, and creating related content. This includes generating proof-of-concept demonstrations for newly discovered vulnerabilities.

#### Collaboration and Workflow

The AppSec Research Squad collaborates closely with other squads, particularly the Product and Analyzer Development squads, to implement findings and enhance product security. Regular meetings and continuous learning ensure the team stays updated with the latest security trends and best practices.

#### Specific Expectations

* **Program Analysis and Vulnerability Discovery**: Test CodeThreat's program analysis principles, discover new vulnerabilities, and identify weaknesses and gaps.
* **Content Creation**: Produce detailed reports, insights, and proof-of-concept demonstrations for emerging threats and vulnerabilities.
* **Customer Support**: Provide occasional support for application security questions from customers.
* **Collaboration with Analyzer Development Squad**: Work directly with the Analyzer Development Squad to identify gaps in analysis tools, complete rule sets using ShiftQL or the CodeThreat Legacy On-Demand Scanner, and write new scanner benchmarks.
* **Open Source Scanning**: Scan open-source tools with CodeThreat to discover new vulnerabilities, and give the Product Squad feedback based on the experience of using the product.

#### Collaboration and Culture

The AppSec Research Squad values collaboration, with regular meetings to integrate security findings into product development and tool enhancement processes. The culture emphasizes continuous learning and knowledge sharing within the squad and across the organization.


