4. Security & Compliance

Guides implementation of CloudBase Auth v2 using Web SDK, Node SDK, and HTTP APIs for secure login and token handling.

Manages security hooks for Claude Code, enabling protection against harmful commands and securing paths through configurable security settings.

Verifies WordPress.org compliance for freemium plugins, covering feature restrictions, license key validation, and avoiding trialware violations during development.

Securely manages secret tokens in HTTP headers for authentication and security compliance.

Provides safety guidelines to prevent and handle error patterns in agentic engines, ensuring secure and reliable operation.

Detects and exploits authentication bypass vulnerabilities including IDOR and privilege escalation in systems with login, permission control, or JWT/Session authentication.

Performs web application reconnaissance for penetration testing, including directory scanning, port scanning, and service fingerprinting to identify attack surfaces.

Detects and exploits Server-Side Request Forgery (SSRF) vulnerabilities in web applications, targeting URL parameters and remote resource handling features.

Detects and exploits SQL injection vulnerabilities in web applications using UNION, error-based, and blind injection techniques.

Detects and exploits remote code execution vulnerabilities in targets with command execution, code execution, or template injection flaws.

Detects and exploits Local File Inclusion (LFI) and Remote File Inclusion (RFI) vulnerabilities in web applications.

Detects and exploits Cross-Site Scripting (XSS) vulnerabilities including reflected, stored, and DOM-based XSS in web applications.

Audits Value Delivery compliance adherence following pull request pushes to ensure regulatory and process standards are met.

Resolves security vulnerabilities from penetration tests, security audits, and OWASP Top 10 reports for the Ark platform.

Automates CVE research, patching, and security mitigation for Ark projects using API integration and security-focused PR templates.

Comprehensive diagnostics for iOS/macOS accessibility issues, ensuring WCAG compliance and App Store Review readiness.

Provides utilities for implementing privacy manifests, App Tracking Transparency UX, and Privacy Nutrition Labels as required by Apple's WWDC 2023 compliance standards.

Comprehensive reference for iOS file encryption and data protection APIs, including NSFileProtection and FileProtectionType for secure file storage.

Audits and fixes iOS accessibility issues to ensure compliance with WCAG standards and App Store requirements.

Generates LibFuzzer-based fuzz drivers for Python libraries to identify security vulnerabilities through automated input testing.

Provides core building blocks for Suricata signature creation and multi-condition deep packet inspection (DPI) logic.

Generates self-signed SSL/TLS certificates with OpenSSL, including private keys, CSRs, and verification steps.

Conducts SSH penetration testing including vulnerability assessment, configuration enumeration, and credential brute-forcing.

Enables rapid security analysis of network traffic captures (PCAPs) by extracting protocol details through tshark command-line tooling.