Discover Agent Skills for security & testing. Browse 105 skills for Claude, ChatGPT & Codex.
Implements production-grade Kubernetes security policies including NetworkPolicy, RBAC, and Pod Security Standards to ensure cluster-wide defense-in-depth.
Enforces a rigorous four-phase framework to identify root causes and eliminate guess-and-check thrashing during the software debugging process.
Implements robust testing strategies for JavaScript and TypeScript applications using modern frameworks like Jest and Vitest.
Analyzes source code for detectability threats and timing side channels to prevent unauthorized inference of system interactions.
Audits source code for SQL, NoSQL, and command injection vulnerabilities to align with OWASP Top 10 security standards.
Analyzes implementation plans and architecture designs to identify security vulnerabilities before a single line of code is written.
Traces application data from input sources to storage sinks to identify security vulnerabilities and trust boundary violations.
Identifies and remediates hardcoded credentials, API keys, and sensitive tokens across source code and git history.
Simulates realistic exploit chains and scores vulnerability exploitability using the PASTA threat modeling framework.
Analyzes source code to detect and remediate complex concurrency vulnerabilities like TOCTOU, double-spend bugs, and non-atomic operations.
Analyzes source code and data structures to detect PII exposure and re-identification risks in anonymized datasets.
Maps application attack surfaces and technical boundaries to create comprehensive data flow diagrams for threat modeling.
Identifies security weaknesses and maps vulnerabilities to CWE identifiers using the PASTA threat modeling methodology.
Analyzes source code to identify and mitigate linkability threats where user data can be correlated across services, sessions, or contexts.
Performs comprehensive security threat modeling by dispatching parallel subagents to analyze codebases for STRIDE framework vulnerabilities.
Audits source code to identify and mitigate unauthorized personal data (PII) exposure in logs, APIs, and third-party integrations.
Identifies authorization vulnerabilities and privilege escalation paths within your source code using the STRIDE threat modeling framework.
Implements secure Auth0 authentication patterns, including machine-to-machine authorization, user management, and role-based access control.
Strengthens application security by identifying and implementing defense-in-depth measures, security headers, and proactive coding patterns.
Identifies and analyzes potential threats by profiling actors and mapping attack vectors to the MITRE ATT&CK framework using the PASTA methodology.
Teaches application security through interactive, guided walkthroughs using your own codebase as the primary teaching material.
Visualizes the current security posture of a project by aggregating scan results and tracking code changes since the last audit.
Prevents the reintroduction of security vulnerabilities by verifying historical fixes against current code changes.
Analyzes source code to identify and remediate identity spoofing vulnerabilities and authentication weaknesses based on the STRIDE threat model.
Audits application and infrastructure configurations to identify and remediate security vulnerabilities based on OWASP standards.
Analyzes application architecture to identify components, trust boundaries, and data sensitivity for formal threat modeling.
Conducts exhaustive, multi-framework security audits and generates comprehensive, compliance-ready reports.
Maps and inventories every application entry point to identify potential security exposure and undocumented interfaces.
Analyzes code coverage metrics and implements testing patterns to improve software quality and reliability.
Analyzes WebSocket implementations for security vulnerabilities like CSWSH, missing authentication, and inadequate message validation.