4. Security & Compliance

Provides security best practices and patterns for writing and auditing Solidity smart contracts to prevent common vulnerabilities.

Expert guidance for GA4 privacy compliance including GDPR, CCPA, Consent Mode v2, data deletion, and consent configuration.

Conducts network reconnaissance, service enumeration, and vulnerability detection via Nmap for security audits and compliance assessments.

Generates DOCX security assessment reports with vulnerability findings, risk ratings, and remediation steps for audits and compliance documentation.

Manages security policies, firewall zones, access control rules, and guest network access; conducts security audits and compliance reviews.

Enforces strict security protocols and data isolation rules for public community operations in the Agent Flywheel Hub Discord server.

High-performance web fuzzer for DAST testing, enabling directory enumeration, parameter fuzzing, and virtual host discovery to identify security vulnerabilities.

Manages cases of forced surrenders, threats, and lack of informed consent in the Coercion_Duress queue for compliance verification.

Applies STRIDE methodology for systematic threat identification in security analysis, threat modeling, and documentation.

Provides guidance for implementing and reviewing GDPR-compliant features in Empathy Ledger to ensure regulatory data protection standards.

Enforces dependency security scanning and SBOM generation, covering OWASP Dependency Check and npm audit for supply chain security.

Configures mutual TLS (mTLS) for zero-trust service-to-service communication, ensuring certificate-based authentication and encryption.

Verifies security considerations are addressed before shipping, issuing warnings for unresolved issues requiring remediation.

Provides comprehensive knowledge on Linux privilege escalation techniques, including enumeration and exploitation of SUID, sudo, kernel, and misconfigurations to capture root flags.

Performs dynamic security testing on web applications and APIs using OWASP ZAP, detecting vulnerabilities and generating compliance reports.

Audits code for security vulnerabilities against OWASP Top 10, focusing on authentication, API routes, and sensitive data handling.

Automates code review against security compliance standards to ensure adherence to best practices and regulatory requirements.

Expertise in vulnerability exploitation, initial access, and common attack vectors including SQLi and RCE.

Scans Python code for security vulnerabilities including hardcoded secrets and injection flaws, with remediation guidance for CI/CD pipelines.

Conducts comprehensive security audits including static analysis, dependency vulnerability checks, secrets detection, and OWASP compliance verification.

Provides secure authentication and authorization implementation using @delon/auth, including JWT management, RBAC, route guards, and Firebase Auth integration.

Monitors Ubiquiti Protect surveillance systems, tracking camera status, reviewing recordings, and alerting on security events and system health.

Derives security requirements from threat models and business context to create actionable security user stories and test cases.

Designs security controls, implements authentication/authorization, conducts threat modeling, and ensures compliance with security frameworks.