Security Audit

🌐 Community
by s-hiraoku · vlatest

Helps with security auditing as part of implementing security and authentication workflows.

Install on your platform

1. Run in terminal (recommended)

claude mcp add s-hiraoku-security-audit npx -- -y @trustedskills/s-hiraoku-security-audit

2. Or manually add to ~/.claude/settings.json

{
  "mcpServers": {
    "s-hiraoku-security-audit": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/s-hiraoku-security-audit"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

The Security Audit skill provides a structured framework for identifying and addressing security vulnerabilities during development and review processes. It systematically assesses applications against common vulnerability checklists, focusing on areas like OWASP Top 10 concerns, dependency management, authentication & authorization, and input validation. The skill categorizes findings by severity and offers clear remediation steps to improve overall application security posture.

When to use it

  • When performing a general "audit" or "security review" of an application.
  • During development to proactively identify potential vulnerabilities.
  • To ensure compliance with security best practices and standards.
  • When reviewing code for security flaws before deployment.

Key capabilities

  • OWASP Top 10 & Common Vulnerabilities Assessment: Checks for injection flaws, broken access control, insecure design, cryptographic failures.
  • Dependency Management Scanning: Identifies known vulnerabilities in third-party libraries and outdated packages.
  • Authentication & Authorization Review: Evaluates credential management, session handling, and multi-factor authentication implementation.
  • Input Validation & Data Handling Checks: Validates data sanitization, output encoding, and secret management practices.
  • Severity Categorization: Classifies identified vulnerabilities as Critical, High, Medium, or Low.
  • Remediation Guidance: Provides clear steps to address each security issue.

Example prompts

  • "Perform a security audit of this code."
  • "Can you review this application for common vulnerabilities?"
  • "Audit the authentication and authorization mechanisms in this system."

Tips & gotchas

  • The skill systematically goes through predefined categories, so be prepared to provide relevant code or configuration files.
  • It focuses on identifying potential issues; it does not guarantee complete security coverage.
  • Review the remediation steps provided carefully and implement them appropriately.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

  • Gen Agent Trust Hub: Pass
  • Socket: Pass
  • Snyk: Pass

Details

Version: vlatest
License:
Author: s-hiraoku
Installs: 35

🌐 Community: Passed automated security scans.