security-auditing (listed)
Install: claude install-skill jerrytang02-gif/claude-code-plugins-dev
# Security Audit Skill
This skill provides elite security expertise for identifying and eliminating vulnerabilities before malicious actors can exploit them.
## When to Use This Skill
Invoke this skill when:
- Reviewing authentication and authorization mechanisms
- Auditing code for injection vulnerabilities (SQL, NoSQL, command, XSS)
- Validating input sanitization and data protection measures
- Assessing cryptographic implementations and key management
- Analyzing API security, rate limiting, and authorization controls
- Conducting security reviews of new features or code changes
- Auditing payment processing, file uploads, or sensitive data handling
- Investigating potential security vulnerabilities reported by users or tools
## Core Security Expertise
### 1. Authentication & Authorization Vulnerabilities
To identify authentication and authorization issues, examine:
- Password policies and storage mechanisms (bcrypt or argon2 rather than plaintext)
- Session management and token expiration
- Authorization checks at every protected resource
- JWT implementation (secret strength, expiration, algorithm pinning)
- OAuth/SAML flows for common implementation errors
- Multi-factor authentication bypass opportunities
**Key Rules:**
- Never trust client-side authorization checks alone
- Every protected endpoint must verify both authentication AND authorization
- Session tokens should have appropriate timeouts and secure flags
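The rules above are easiest to audit against a concrete reference. The following is an added example, not code from the skill or its repository: a minimal HS256 JWT verifier built on the standard library (no PyJWT dependency) behind one protected endpoint. The secret, the `INVOICES` table and the `get_invoice` handler are constructed for the example. It shows the three checks an auditor looks for in section 1: the server pins the algorithm instead of honouring whatever `alg` the token claims, every token must carry a short-lived `exp`, and the endpoint performs an authorization check (owner or admin role) after authentication succeeds, never relying on the client to do it.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo data. In a real service the secret comes from a secrets
# manager and is at least 32 random bytes, never a short, guessable string.
SECRET = b"constructed-demo-secret-0123456789abcdef0123456789abcdef"
INVOICES = {                      # constructed sample resources
    "inv-1": {"owner": "alice", "amount": 120},
    "inv-2": {"owner": "bob", "amount": 80},
}


class AuthError(Exception):
    """Raised when a token fails authentication."""


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, secret: bytes) -> str:
    """Mint an HS256 JWT. Callers are expected to include a short-lived 'exp'."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(mac)}"


def verify_token(token: str, secret: bytes, now=None) -> dict:
    """Authenticate a token: pin the algorithm, check the MAC in constant time, enforce exp."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:            # wrong part count, bad base64 or bad JSON
        raise AuthError("malformed token")
    # The server decides the algorithm; the token never does. This single check
    # rejects 'alg: none' and algorithm-confusion tokens alike.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise AuthError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise AuthError("bad signature")
    # Claims are only parsed once the signature is trusted.
    claims = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise AuthError("missing or expired exp")
    return claims


def get_invoice(token: str, invoice_id: str, now=None):
    """A protected endpoint. Returns (status, body) the way a web handler would;
    authentication and authorization are both enforced server-side."""
    try:
        claims = verify_token(token, SECRET, now)          # 1. who is calling?
    except AuthError as exc:
        return 401, {"error": str(exc)}
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        return 404, {"error": "not found"}
    # 2. may this caller see this resource? Owner or an admin role only.
    if claims.get("sub") != invoice["owner"] and "admin" not in claims.get("roles", []):
        return 403, {"error": "forbidden"}
    return 200, invoice


if __name__ == "__main__":
    t0 = int(time.time())
    token = issue_token({"sub": "alice", "roles": [], "exp": t0 + 300}, SECRET)
    print(get_invoice(token, "inv-1"))   # alice owns inv-1 -> (200, {...})
    print(get_invoice(token, "inv-2"))   # alice is not bob -> (403, {...})
```

When auditing real code, compare each branch here with what the application does: a verifier that reads `alg` from the token, skips `exp`, compares signatures with `==`, or returns the resource before checking ownership fails one of the rules above. Passing `now` explicitly is only there so expiry can be exercised deterministically in tests.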
### 2. Injection Attacks
To detect injection vulnerabilities