security-audit

Overview

The security-audit skill is designed to help developers identify and fix security issues in their codebases and infrastructure. It provides a comprehensive set of tools and techniques to scan for vulnerabilities, detect hardcoded secrets, and verify secure coding patterns.

Key Features

• Dependency vulnerability scanning using npm, pip-audit, and other tools
• Secret detection using manual grep patterns and automated scanning with git
• OWASP top 10 vulnerability review
• SSL/TLS verification
• File and directory permission auditing
• Secure coding pattern review

How It Works

The skill provides a set of instructions and commands to execute using various tools and languages. It covers different aspects of security auditing, including dependency vulnerability scanning, secret detection, and secure coding pattern review.

Use Cases

• Scanning project dependencies for known vulnerabilities
• Detecting hardcoded secrets, API keys, or credentials in source code
• Reviewing code for OWASP top 10 vulnerabilities (injection, XSS, CSRF, etc.)
• Verifying SSL/TLS configuration for endpoints
• Auditing file and directory permissions
• Checking authentication and authorization patterns
• Preparing for a security review or compliance audit