Performing Security Code Review

🌐Community
by jeremylongshore · vlatest · Repository

Helps with security code review as part of implementing security and authentication workflows.

Install on your platform


1. Run in terminal (recommended):

   claude mcp add performing-security-code-review npx -- -y @trustedskills/performing-security-code-review
2. Or manually add to ~/.claude/settings.json:
{
  "mcpServers": {
    "performing-security-code-review": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/performing-security-code-review"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill analyzes code to identify potential security vulnerabilities. It can examine code for common issues like SQL injection, cross-site scripting (XSS), and insecure deserialization. The goal is to improve the overall security posture of a codebase by proactively finding and suggesting fixes for weaknesses.

When to use it

  • Before deployment: Integrate into your CI/CD pipeline to automatically scan code changes for vulnerabilities before they reach production.
  • During code reviews: Use as an automated assistant during manual code review processes, highlighting potential security concerns for human reviewers.
  • For legacy codebases: Quickly assess the security risks within older code that may not have been initially developed with modern security practices in mind.
  • When onboarding new developers: Help ensure new team members adhere to secure coding standards and best practices.

Key capabilities

  • Vulnerability identification
  • Security code analysis
  • Common vulnerability detection (SQL injection, XSS, etc.)
  • Suggesting fixes for identified vulnerabilities

Example prompts

  • "Review this Python script for potential security flaws: [paste code]"
  • "Can you analyze this JavaScript function and identify any XSS risks? [paste code]"
  • "Perform a security code review on this Java class, focusing on SQL injection vulnerabilities. [paste code]"

Tips & gotchas

The skill's effectiveness depends heavily on the quality of the provided code; ensure it is complete and representative of the system being analyzed. While helpful, always combine automated analysis with human expertise for comprehensive security assessments.

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust Hub: Pass
Socket: Pass
Snyk: Pass

Details

Version: vlatest
License:
Author: jeremylongshore
Installs: 11


Passed automated security scans.