4. Security & Compliance

Identifies session management vulnerabilities including session fixation and insecure session ID generation in web applications.

Audits crypto wallet security, including private key management and transaction signing verification.

Performs log auditing against fractary-logs best practices and provides actionable remediation steps for security and compliance improvements.

Validates payment systems against PCI-DSS security standards to ensure compliance with data protection regulations for cardholder information.

Automates infrastructure compliance checks, policy validation, and audit reporting for security and regulatory adherence.

Performs security audits against OWASP Top 10 vulnerabilities and best practices for web applications.

Builds secure API authentication systems using OAuth2, JWT, API keys, and session management for protected endpoints.

Configures permissions for Claude Code repository plugins via .claude/settings.json file management.

Validates encryption implementations and cryptographic practices to ensure secure data handling. Triggered by 'check encryption', 'validate crypto', or 'review security keys'.

Scans user input handling code for vulnerabilities and injection risks, enabling proactive security audits and code validation.

Logs API requests with correlation IDs, performance metrics, and security audit trails for comprehensive request auditing and compliance.

Audits infrastructure-as-code and application configurations for security misconfigurations to ensure compliance with best practices.

Automates cryptocurrency tax calculation by tracking cost basis and applying jurisdiction-specific tax rules for accurate liability reporting.

Scans code repositories for exposed secrets, API keys, and credentials to prevent security breaches during audits.

Validates CSRF token implementation to identify security vulnerabilities in web forms and state-changing operations.

Generates comprehensive compliance reports for security standards, supporting documentation for audits and regulatory requirements.

Automates container security scanning, vulnerability detection, and compliance auditing with guided remediation for containerized applications.

Automates API fuzzing to discover security vulnerabilities, edge cases, and crashes in web services.

Generates comprehensive security audit reports to assess security posture, identify vulnerabilities, and evaluate compliance with standards like PCI-DSS.

Guides security teams through incident response, investigation, and remediation for breaches, ransomware, and data incidents.

Validates authentication mechanisms for security weaknesses and compliance in login systems and auth flows.

Automates database security scanning, vulnerability detection, and compliance audit guidance for robust security posture.

Audits healthcare applications for HIPAA compliance, validating protection of protected health information (PHI) against security vulnerabilities.

Automates SOC 2 audit preparation through evidence gathering, control assessment, and gap identification for Trust Service Criteria compliance.