Security Review
Perform a security review of code changes.
When to use this skill
- When reviewing code for security vulnerabilities
- Before completing changes to authentication/authorization code
- When adding new dependencies
- During security-focused code reviews
- When asked to perform a "security review" or "security audit"
Skill Contents
Available Resources
π references/ - Detailed documentation
Quick Checklist
- Credential Scanning - Search for hardcoded secrets
- Input Validation - Check SQL injection, XSS, command injection
- Authentication & Authorization - Review auth mechanisms
- Data Protection - Check encryption and data handling
- Dependency Security - Scan for vulnerable packages
Output Format
For each finding, provide:
- Finding: Description of the issue
- Severity: Critical/High/Medium/Low
- Recommendation: How to fix
- File/Line: Location
Security Checks
| Check | Description | |-------|-------------| | Credential scanning | Detect hardcoded secrets | | Input validation | Verify user input is sanitized | | Dependency audit | Check for vulnerable dependencies | | Authentication | Review auth/authz implementations |
References
| Technology | Reference |
|------------|-----------|
| Java | references/java/security-patterns.md |
| TypeScript | references/typescript/security-patterns.md |
| Python | references/python/security-patterns.md |
| Go | references/go/security-patterns.md |
Related Skills
- fix-vulnerabilities (Java) - Dependency vulnerability management
- fix-vulnerabilities (Node.js) - npm audit and vulnerability management
- fix-sonarqube (Java) - SonarQube issue fixing for Java
- fix-sonarqube (Node.js) - SonarQube issue fixing for Node.js