4. Security & Compliance

SAST tool using Semgrep to scan code for vulnerabilities, provide OWASP/CWE-mapped remediation guidance, and integrate into CI/CD pipelines.

Scans container images, dependencies, and IaC for vulnerabilities (CVEs), misconfigurations, and license risks, with CI/CD integration and SBOM generation.

Delivers an OWASP security checklist to identify and mitigate common web application security vulnerabilities and ensure compliance.

Comprehensive guide for setting up and troubleshooting GPG commit signing in Git across Windows, macOS, and Linux, ensuring commit integrity and verification.

Advanced GPG key management for secure enterprise and CI/CD workflows, enabling key isolation, automated signing, and scalable multi-key strategies.

Plans accessibility compliance strategies for WCAG 2.2, Section 508, and EN 301 549, including audit planning and remediation.

Conducts deep security audits to review authorization logic, data access boundaries, and protection of sensitive operations.

Quick security audit checklist for Convex applications, verifying authentication, function exposure, argument validation, and row-level access control.

Systematically audits Claude skills through 9 phases to verify standards compliance, code accuracy, and documentation alignment before marketplace submission or issue resolution.

Adds Cloudflare Turnstile bot protection to web forms, logins, and signups, resolving common integration issues.

Analyzes and manages skill permissions, enabling one-time and batch authorization for secure access control.

Validates code against constitutional governance rules and ensures compliance during development and review processes.

Conducts vulnerability reviews, applies OWASP patterns, and performs threat modeling to ensure secure system design and code implementation.

Analyzes binaries via IDA Pro's headless Python API for security research, examining disassembly, functions, and cross-references without a GUI.

Provides OWASP Top 10 vulnerability patterns and remediation guidance for code security reviews and audits.

Enables navigation, modification, and extension of the capemon malware monitoring codebase using Windows API hooking and CAPEv2 sandbox architecture expertise.

Automates detection of bugs, security vulnerabilities, and code quality issues in current branch changes for security audits and code reviews.

AI-assisted security guidance for SaaS applications covering authentication, data protection, API security, and OWASP Top 10 vulnerabilities.

Conducts regulatory compliance testing for GDPR, CCPA, HIPAA, SOC2, and PCI-DSS to ensure legal adherence and audit readiness.

Performs security audits, vulnerability scans, and validates compliance with standards including OWASP, SOC2, and GDPR.

Tests security vulnerabilities using OWASP principles for security audits and authentication testing.

Validates n8n workflow security through credential exposure detection, OAuth flow validation, and API key management testing.

Validates WCAG 2.2 compliance, screen reader compatibility, and inclusive design to meet ADA and Section 508 legal standards.

Manages test data generation and ensures privacy compliance with GDPR/CCPA, handling PII for realistic and legal testing scenarios.