4. Security & Compliance

Audits React/TypeScript dApp frontend components for security vulnerabilities in wallet integration and transaction handling using sdk-dapp.

Verifies cryptographic operations execute in constant time to prevent timing attacks in security-sensitive code like smart contracts and custom crypto implementations.

Analyzes smart contract entry points to map attack surfaces and assess security, aiding in security reviews and access control evaluation.

Performs static analysis on MultiversX Rust and Go code to identify security vulnerabilities, supporting security reviews and code scanning setups.

Generates custom Semgrep rules to enforce security best practices for MultiversX blockchain development.

Creates custom Semgrep rules to detect MultiversX-specific security vulnerabilities and coding standard violations in blockchain codebases.

Conducts security audits and provides vulnerability prevention checklists for secure code development.

Manages secrets securely using age encryption, handling encryption, decryption, and common errors in secret management workflows.

Conducts structured security audits on Solidity smart contracts, delivering actionable findings and remediation guidance for security-sensitive code.

Proactively identifies security weaknesses by simulating adversarial attacks on systems, plans, and assumptions before real threats emerge.

Generates structured threat models for DeFi protocols, identifying actors, trust assumptions, attacker goals, and critical attack surfaces to enhance security during design and pre-audit phases.

Generates auditor-ready evidence bundles and AUDIT.md files with protocol invariants, test coverage summaries, and contextual documentation for security audits.

Conducts security reviews against OWASP API Top 10, identifies vulnerabilities, and verifies security best practices for API development.

Scans project dependencies for known security vulnerabilities and CVEs to identify risks in the software supply chain.

Provides dual authentication (session + JWT) with RBAC for multi-tenant applications, securing web UI and API/mobile clients.

Comprehensive code quality assurance with security auditing, vulnerability scanning, and OWASP-compliant testing strategies to identify bugs and security flaws.

Enforces security protocols and quality checks for AI prompts and agent interactions to prevent malicious outputs and ensure safe deployment.

Provides security checklists and patterns for authentication, input validation, secrets management, and secure API development in sensitive features.

Expert in implementing privacy-preserving AI techniques and ensuring GDPR/FERPA compliance for educational data systems.

Provides security checklist and Go patterns for secure authentication, input handling, secrets management, and API endpoints.

Assists in creating, troubleshooting, and managing Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) policies, including dynamic groups and IDCS federation.

Manages Oracle Cloud Infrastructure (OCI) Vault secrets for storage, retrieval, rotation, and authentication with security and compliance focus.

Runs local Aiken smart contract build/test commands to capture security audit evidence. Manual invocation required.

Specializes in implementing modern authentication solutions including WebAuthn, passkeys, and passwordless login with user-friendly UI components.