4. Security & Compliance

Audits APIs for OWASP Top 10 vulnerabilities, authentication flaws, and authorization issues to enhance security posture.

Audits web content for WCAG compliance, screen reader compatibility, and accessibility issues to ensure inclusive design.

Audits AWS security groups to identify overly permissive rules and security vulnerabilities, improving network security posture.

Scans project dependencies for security vulnerabilities (CVEs) using npm audit and pip-audit, identifying and recommending updates for vulnerable packages.

Scans source code to identify and flag hardcoded secrets, API keys, and credentials to prevent security breaches.

Scans codebases for security vulnerabilities, identifies CVE patterns, and provides severity ratings with remediation guidance.

Conducts security audits including vulnerability scanning, input validation checks, and authentication/authorization reviews against OWASP Top 10.

Provides comprehensive knowledge for signing Nostr events using applesauce-signers library, supporting NIP-07, NIP-46, and custom signer implementations.

Scans installed plugins and skills for security vulnerabilities, including malicious code and harmful instructions, to ensure safe installation.

Analyzes authentication and authorization patterns to identify security vulnerabilities in code.

Validates and implements HTTP security headers to enhance web application security and protect against common vulnerabilities.

Automates identification of security vulnerabilities in project dependencies to enhance application security posture.

Scans code repositories to identify and alert on accidentally committed secrets, credentials, and sensitive data to prevent security breaches.

Scans codebases for adherence to security compliance standards and best practices, ensuring regulatory requirements are met.

Validates codebase adherence to a specified design or implementation plan through systematic code auditing.

Coordinates security incident response through classification, playbook generation, evidence gathering, and remediation planning, validated against industry best practices.

Provides a research guide for certification, compliance requirements, and regulatory pathways across industry standards.

Systematically audits code for WCAG compliance, identifying barriers in ARIA, keyboard navigation, and screen reader compatibility.

Comprehensive authentication and authorization solution featuring OAuth, 2FA, MFA, passkeys, and RBAC for secure application access.

Guides implementation of secure authentication and authorization patterns including JWT, OAuth2, and RBAC for robust access control systems.

Validates deliverables against quality and compliance standards prior to release to ensure regulatory and functional readiness.

Comprehensive security operations skill for vulnerability management, compliance checks, and security automation in application development and audits.

Provides comprehensive guidance for Spring Security implementation, covering authentication, authorization, OAuth2, JWT, and security best practices.

Reviews Infrastructure-as-Code (Terraform/OpenTofu) for security vulnerabilities across secrets, network, compute, database, and storage.