4. Security & Compliance

Provides STRIDE, attack trees, and risk assessment methodologies for proactive security analysis in system design and security reviews.

Provides detection and remediation patterns for OWASP Top 10 security vulnerabilities in code reviews and security audits.

Provides Vercel security and access controls including RBAC, SSO, firewall, and 2FA for project protection.

Provides a structured threat modeling workflow including STRIDE analysis, data flow diagrams, and risk scoring to identify security vulnerabilities and generate mitigation tasks.

Validates and secures environment variables in Next.js, Vite, React, and Node.js applications to prevent configuration vulnerabilities.

Automates security scanning in CI pipelines, detecting secrets, dependencies, SAST issues, and managing triage with expiring exceptions.

Provides security validation for WordPress development, including nonces, sanitization, validation, and escaping to prevent XSS, CSRF, and SQL injection.

Provides a security checklist for API endpoints to verify authentication, authorization, and input validation prior to deployment.

Provides comprehensive security guidelines and threat mitigation strategies for Docker container environments.

Enables secure PowerShell administration through SecretManagement, JEA, WDAC, and credential protection best practices.

Integrates Microsoft Defender for DevOps security scanning into Azure Pipelines for continuous vulnerability detection during CI/CD pipelines.

Enforces Git security best practices for 2025, including signed commits, zero-trust workflows, secret scanning, and verification.

Enforces security-first practices in bash scripting through mandatory validation and zero-trust principles.

AI-powered security and automation features for GitHub repositories, enhancing code security and development workflows in 2025.

Scans files for sensitive data including personal information, credentials, and security risks to prevent accidental exposure before sharing or publishing.

Guides implementation of security architecture through threat modeling, control frameworks, compliance adherence, and authorization mechanisms.

Scans codebases for accidental exposure of secrets including API keys, tokens, and passwords to prevent security breaches.

Implements security best practices for application stacks, including API security, authentication, input validation, and OWASP Top 10 compliance.

Delivers guidance on network security standards and connectivity controls for secure infrastructure implementation.

Comprehensive quality auditing of tools, frameworks, and systems against industry best practices with 12-dimensional scoring.

Provides governance and compliance standards for LLM content to ensure adherence to regulatory and ethical guidelines.

Guides implementation of structured security logging to meet compliance and security control requirements.

Provides comprehensive security implementation standards and guidance for establishing security guardrails in development and operations.

Security architecture including threat modeling, security-first design, and compliance validation.