Security Audit Skill

Comprehensive security auditing covering code review, vulnerability assessment, OWASP Top 10, dependency analysis, and remediation planning.

What This Skill Does

• Conducts security code reviews

• Identifies vulnerabilities (CVSS scoring)

• Performs OWASP Top 10 assessments

• Audits authentication/authorization

• Reviews data protection controls

• Analyzes dependency vulnerabilities

• Creates remediation roadmaps

When to Use

• Security reviews before release

• Compliance audits

• Penetration test preparation

• Incident response analysis

• Dependency vulnerability assessment

Reference Files

• references/SECURITY_AUDIT.template.md

• Comprehensive security audit report format

• references/owasp_checklist.md

• OWASP Top 10 checklist with CVSS scoring and CWE references

Workflow

• Define scope and methodology

• Perform static/dynamic analysis

• Document findings by severity

• Map to OWASP categories

• Create remediation roadmap

• Verify fixes

Output Format

Security findings should include:

• Severity (Critical/High/Medium/Low)

• CVSS score and vector

• CWE classification

• Proof of concept

• Remediation steps