security-audit

# Security Auditing Workflow Bundle ## Overview Comprehensive security auditing workflow for web applications, APIs, and infrastructure. This bundle orchestrates skills for penetration testing, vulnerability assessment, security scanning, and remediation. ## When to Use This Workflow Use this workflow when: - Performing security audits on web applications - Testing API security - Conducting penetration tests - Scanning for vulnerabilities - Hardening application security - Compliance security assessments ## Workflow Phases ### Phase 1: Reconnaissance #### Skills to Invoke - `scanning-tools` - Security scanning - `shodan-reconnaissance` - Shodan searches - `top-web-vulnerabilities` - OWASP Top 10 #### Actions 1. Identify target scope 2. Gather intelligence 3. Map attack surface 4. Identify technologies 5. Document findings #### Copy-Paste Prompts ``` Use @scanning-tools to perform initial reconnaissance ``` ``` Use @shodan-reconnaissance to find exposed services ``` ### Phase 2: Vulnerability Scanning #### Skills to Invoke - `vulnerability-scanner` - Vulnerability analysis - `security-scanning-security-sast` - Static analysis - `security-scanning-security-dependencies` - Dependency scanning #### Actions 1. Run automated scanners 2. Perform static analysis 3. Scan dependencies 4. Identify misconfigurations 5. Document vulnerabilities #### Copy-Paste Prompts ``` Use @vulnerability-scanner to scan for OWASP Top 10 vulnerabilities ``` ``` Use @security-scanning-secu...