4. Security & Compliance

Automates security vulnerability testing for OWASP Top 10, SQL injection, XSS, CSRF, and authentication flaws during security assessments.

Validates CSRF protection mechanisms in web applications to prevent cross-site request forgery attacks.

Analyzes project dependencies for security vulnerabilities, outdated packages, and license compliance across npm, pip, composer, gem, and go modules.

Applies Fireflies.ai security best practices for secrets management and access control, including API key security and least privilege implementation.

Conducts database security scans to identify vulnerabilities like SQL injection and weak passwords, providing OWASP-compliant remediation suggestions.

Automates security vulnerability checks, best practices, and CLAUDE.md compliance audits for Claude Code plugins per repository standards.

Performs automated fuzz testing on APIs to identify vulnerabilities such as SQL injection, XSS, and input validation failures through malformed inputs and boundary testing.

Configures role-based access control (RBAC) for Sentry enterprise, managing team permissions and SSO integration for secure organizational access.

Provides secure API key management and OAuth best practices for Linear integrations, ensuring robust authentication and data protection.

Automatically scans code for XSS vulnerabilities, identifying reflected, stored, and DOM-based flaws in HTML, JavaScript, and CSS contexts, and suggests safe proof-of-concept payloads.

Enables seamless integration with secrets managers (e.g., HashiCorp Vault, AWS Secrets Manager) to generate secure configurations for sensitive credential management.

Handles Exa-specific PII data processing, retention policies, and ensures GDPR/CCPA compliance for data privacy in integrations.

Performs automated accessibility audits against WCAG 2.1/2.2 standards, validating ARIA, keyboard navigation, and screen reader compatibility for web applications.

Automates secure API key management including storage, rotation, and access control to prevent unauthorized access and ensure compliance.

Automatically scans project dependencies for known security vulnerabilities to enhance code security and compliance.

Automates cryptocurrency tax calculation, including cost basis methods, capital gains, and Form 8949 generation for regulatory compliance.

Automatically scans code for XSS vulnerabilities, identifying reflected, stored, and DOM-based flaws with safe proof-of-concept suggestions.

Performs automated WCAG 2.1/2.2 compliance audits, validating ARIA, keyboard navigation, and screen reader compatibility.

Automates session security checks to identify vulnerabilities in user sessions, enhancing security posture.

Conducts database security scans for vulnerabilities including SQL injection and weak passwords, providing OWASP-aligned remediation suggestions for PostgreSQL and MySQL.

Analyzes web cookie security configurations to detect vulnerabilities and ensure secure implementation of HttpOnly, Secure, and SameSite attributes.

Conducts comprehensive security audits including vulnerability scanning, compliance checks, and infrastructure analysis to identify and mitigate security risks.

Detects SQL injection vulnerabilities in codebases and provides remediation guidance using a dedicated plugin.

Implements database audit logging to track changes for compliance and security monitoring via triggers, CDC, or native logs.