4. Security & Compliance

Conducts systematic security vulnerability assessments on codebases by analyzing architectural units for deep security review.

Audits e-learning content for WCAG 2.1 AA accessibility compliance, ensuring adherence to web accessibility standards.

Framework for identifying security-relevant capability expansions in software supply-chain version transitions via counterfactual reasoning and contextual analysis.

Provides authentication security patterns for EFT-Tracker using NextAuth, covering password reset, session management, CSRF protection, and security reviews.

Validates SNARK proof submissions and API behavior to ensure cryptographic operations function securely in zero-knowledge applications.

Provides OWASP-compliant security utilities for input validation, XSS prevention, rate limiting, and secure file handling.

Provides security auditing patterns for Midnight Network smart contracts and dApps to identify vulnerabilities, privacy leaks, and cryptographic weaknesses.

Reviews Neon (Postgres) security posture by analyzing roles, connections, IP allowlists, and schema to identify misconfigurations and provide remediation steps.

Scans local networks to discover ONVIF cameras and WS-Discovery enabled IoT devices for security and network inventory purposes.

Enables telnet-based interaction with IoT device shells for security testing, including device enumeration, vulnerability discovery, and credential testing.

Provides comprehensive security guidance, architecture assessments, threat modeling, and compliance verification per OWASP, NIST, and ISO 27001 standards.

Provides guidance and verification for security protocols and regulatory compliance standards across organizational systems.

Implements privacy-preserving patterns using zero-knowledge proofs on Midnight Network for confidential data handling and secure disclosure.

Enables UART console interaction with IoT devices using picocom for penetration testing, including device enumeration and vulnerability discovery.

Scans ONVIF-enabled devices for security vulnerabilities by testing authentication and brute-forcing credentials to assess IP camera security.

Analyzes IoT network traffic to detect protocols and identify security vulnerabilities in device communications.

Provides standardized patterns for governance operations including artifact handling, RBAC management, lineage tracking, and activity logging in OptAIC.

Performs professional network reconnaissance, port scanning, service detection, and vulnerability scanning with nmap and NSE scripts.

Provides standardized patterns for emitting activity logs and ensuring audit compliance in OptAIC, covering mutations and payload design.

Simulates USPTO patent examination to verify compliance with 35 U.S.C. sections and flag potential office action issues.

Audits SonarCloud security vulnerabilities and hotspots in NASA PDS repositories, exporting findings to CSV for triage.

Provides a structured framework to evaluate security risks of third-party GitHub Actions using trust tiers and decision trees for safe adoption.

Automates SonarCloud security issue triage by applying CSV-based review decisions through the SonarCloud API.

Automates security enforcement via branch protection, pre-commit hooks, and SLSA provenance for SOC 2 compliance.