Finding Security Misconfigurations

What it does

This skill identifies potential security vulnerabilities in cloud and infrastructure environments. It leverages established security best practices and the author’s experience to pinpoint common misconfigurations that could be exploited. The skill focuses on identifying weaknesses rather than remediating them; it serves as a detection tool for further investigation.

When to use it

• New Infrastructure Deployments: Before launching new cloud resources or infrastructure, use this skill to proactively identify and address potential vulnerabilities.
• Post-Deployment Security Audits: Regularly scan existing environments to ensure ongoing compliance with security best practices.
• Incident Response Preparation: Simulate a vulnerability assessment as part of incident response planning exercises.
• Configuration Reviews: Integrate into configuration review processes for new or modified infrastructure components.

Key capabilities

• Identifies common cloud and infrastructure misconfigurations
• Based on industry best practices
• Leverages author’s expertise in security

Example prompts

• "Find any potential security misconfigurations in my AWS S3 buckets."
• "Assess the security posture of my Kubernetes cluster, focusing on network policies."
• "Identify common vulnerabilities in my Azure Virtual Machines configuration."

Tips & gotchas

The skill identifies potential issues. Results require manual review and validation by a qualified security professional to determine actual risk and appropriate remediation steps.