We need to create a tool that performs static code analysis to detect security vulnerabilities.
It has to be similar to HP Fortify or Sonar.
The tool must be able to check out code from a repository, check it for security vulnerabilities, generate issue or failure reports, and send them as configured.
Any previous knowledge of creating language compilers or semantic checking.
The tool must be able to detect common security flaws in Java and .NET code.
Basically, it will perform a kind of dataflow analysis that models the underlying computation of the entire program, checking the source for weaknesses that may allow an intruder to steal information or inject code into it.
Skills: analysis, .net