4. Security & Compliance

Prevents XSS, SQL injection, and command injection attacks via input sanitization in web applications.

Provides RBAC design and implementation patterns for least-privilege access control, multi-layer authorization, and secure permission checks.

Provides on-demand security analysis for domain-specific security tasks, activating as required.

Provides security review for Next.js, Rust, and ClickHouse applications, covering authentication, input validation, secrets handling, and sensitive data protection.

Reviews code changes to identify security vulnerabilities and ensure adherence to quality standards.

Conducts comprehensive code security audits, identifies vulnerabilities, and ensures permission compliance with security standards.

Conducts comprehensive system audits analyzing security, performance, backend architecture, and frontend UI/UX to assess system health and code quality.

Provides security hardening best practices for Shopify Apps, covering OWASP Top 10, authentication, data protection, and secure coding patterns for Remix.

A tool for ethical hacking and penetration testing, designed to intentionally break software systems to identify security vulnerabilities.

Conducts security code reviews to identify vulnerabilities and ensure compliance with security best practices.

Executes untrusted code in isolated environments to prevent host system compromise, automatically selecting the appropriate runtime (Python, Node, etc.).

Manages secure storage and retrieval of configuration parameters and secrets (e.g., credentials, API keys) in .NET Aspire applications.

Reviews Dart code for security vulnerabilities, focusing on libsignal cryptographic library usage and secure coding patterns.

Validates GitHub projects for open source readiness by ensuring legal documentation and removing sensitive data from git history to prevent security risks.

Provides security-focused guidelines for JWT token creation, validation, and storage following industry best practices.

Provides secure OAuth 2.0/2.1 implementation guidelines with PKCE and security best practices.

Provides guidelines for developing secure Python cybersecurity tools with secure coding practices, async scanning, and structured security testing methodologies.

Guides secure implementation of NextAuth.js v5 authentication in Next.js, covering session management and security best practices.

Provides secure coding best practices for backend development and microservices, emphasizing input validation and authentication to prevent vulnerabilities.

Guidelines for implementing Auth0 authentication with security best practices, including rules, actions, and SDK integration.

Guides secure implementation of Clerk authentication in Next.js applications using middleware, hooks, and security best practices.

Applies STRIDE methodology to systematically identify security threats during threat modeling sessions and security documentation.

Derives security requirements from threat models and business context to create actionable security user stories and test cases.

Enables GDPR-compliant data handling with consent management, data subject rights implementation, and privacy by design for EU personal data systems.