4. Security & Compliance

Creates STRIDE-based threat models with asset identification, threat enumeration, and residual risk assessment.

Automates RBAC permission testing with test matrices and CI integration to ensure authorization coverage and prevent access control regressions.

Audits input validation and sanitization to prevent XSS, SQL injection, and command injection vulnerabilities using schema-based checks and safe coding patterns.

Scans code repositories for leaked secrets like API keys and passwords using pre-commit hooks and CI checks, with remediation guidance.

Produces build artifacts with Software Bill of Materials (SBOM) and supply chain metadata to enhance security and ensure compliance.

Builds content safety filters with PII redaction, policy constraints, and prompt injection detection for secure AI interactions.

Automates PII redaction in logs to ensure GDPR compliance and prevent sensitive data exposure in logging systems.

Queries identity change logs to explore profile creation and merging events for security and compliance monitoring.

Provides API security hardening with rate limiting, input validation, authentication, and protection against common attacks.

Audits project dependencies for security vulnerabilities, outdated packages, and performance issues, delivering prioritized reports with upgrade recommendations.

Analyzes npm audit and Snyk vulnerability reports to generate prioritized patch plans with severity assessment and safe upgrade paths.

Enables secure implementation of OAuth 2.0 and OpenID Connect authentication flows, including token handling and provider integration for social login and SSO.

Anonymizes PII in text and CSV files using multiple masking strategies, including reversible tokenization for data privacy compliance.

Calculates and verifies cryptographic hashes (MD5, SHA1, SHA256, SHA512) for text and files to ensure data integrity and security.

Generates secure passwords and passphrases with customizable rules, checks strength, and supports bulk generation for enhanced security.

Extracts provenance attestations to trace container images back to source code and build logs, ensuring supply chain security and compliance.

Specialized workflows for reverse engineering binaries to identify vulnerabilities through pattern recognition and security analysis.

Provides security best practices for Sinatra applications including input validation, CSRF protection, and authentication patterns to harden applications and support security reviews.

Scans MCP servers for security vulnerabilities using Cisco AI Defense, evaluates findings, and updates security allowlists in spec.yaml files.

Securely manages environment variables with encryption, enabling safe cross-platform secret handling and migration from plaintext .env files.

Executes comprehensive security audits and system health checks to verify CLI and MCP tool functionality.

Simplifies adding authentication to Next.js App Router apps using Neon Auth, configuring API routes, middleware, and UI without database requirements.

Provides a complete Google OAuth integration architecture with secure token storage and debugging capabilities.

Provides authentication patterns for dashboard frontend API calls, covering JWT token handling, apiRequest helper usage, and common pitfalls to resolve 401 errors.