4. Security & Compliance

Guide for implementing and debugging Lightdash's CASL-based authorization system, covering scopes, roles, and permission flows.

Provides a read-only security audit of SkiaSharp's native dependencies, identifying vulnerabilities, CVEs, and generating a status report with recommendations.

Enables binary analysis and reverse engineering through IDAPython scripting, leveraging IDA Pro's API for disassembly, decompilation, and cross-referencing.

Enables security-focused static analysis of binaries through disassembly, decompilation, and control flow analysis to identify vulnerabilities in compiled executables.

Detects security vulnerabilities in source code through static analysis across multiple programming languages and frameworks.

Scans project dependencies for vulnerabilities, generates SBOMs, and provides risk assessment and remediation advice for secure software supply chains.

Assists in managing security incident response workflows, including detection, containment, and recovery from security breaches.

Provides expert binary analysis, disassembly, and vulnerability research using industry-standard tools for security assessments and reverse engineering tasks.

Expert malware analysis for threat intelligence, incident response, and security research, including sandbox, behavioral, and IOC extraction techniques.

Provides expert guidance on implementing secure frontend practices, focusing on XSS prevention, output sanitization, and client-side security patterns for robust application security.

Drafts GDPR-compliant legal documents including privacy policies, terms of service, and data processing agreements for regulatory adherence.

Specializes in firmware security analysis, vulnerability research, and penetration testing for embedded systems, IoT devices, and industrial controllers.

Systematically identifies security threats using STRIDE methodology for threat modeling sessions and security documentation.

Analyzes memory dumps for incident response, malware analysis, and artifact extraction using Volatility framework.

Conducts WCAG accessibility audits, identifies barriers, and provides remediation guidance for inclusive web design compliance.

Provides secure backend coding guidance with emphasis on input validation, authentication, and API security for robust implementation and code reviews.

Analyzes project dependencies for vulnerabilities, license compliance, and outdated packages, providing actionable security remediation strategies.

Configures mutual TLS (mTLS) for zero-trust service-to-service communication, including certificate management and authentication.

Performs compliance audits and provides implementation guidance for GDPR, HIPAA, SOC2, and PCI-DSS in software systems.

Provides implementation guidance for PCI DSS compliance to secure payment card data handling and processing systems.

Configures Static Application Security Testing (SAST) tools to automate vulnerability detection in code, enhancing DevSecOps practices.

Conducts security audits, vulnerability assessments, and compliance checks (GDPR, HIPAA, SOC2) using OWASP standards and DevSecOps practices.

Detects and prevents Cross-Site Scripting (XSS) vulnerabilities in React, Vue, Angular, and vanilla JavaScript frontend code.

Provides secure authentication and authorization implementation patterns including JWT, OAuth2, and RBAC for building robust access control systems.