| name | security-audit |
| description | Security auditing and vulnerability assessment specialist. Use when conducting security reviews, analyzing code for vulnerabilities, performing OWASP assessments, or creating security audit reports. |
| author | Joseph OBrien |
| status | unpublished |
| updated | 2025-12-23 |
| version | 1.0.1 |
| tag | skill |
| type | skill |
Security Audit Skill
Comprehensive security auditing covering code review, vulnerability assessment, OWASP Top 10, dependency analysis, and remediation planning.
What This Skill Does
- Conducts security code reviews
- Identifies vulnerabilities (CVSS scoring)
- Performs OWASP Top 10 assessments
- Audits authentication/authorization
- Reviews data protection controls
- Analyzes dependency vulnerabilities
- Creates remediation roadmaps
When to Use
- Security reviews before release
- Compliance audits
- Penetration test preparation
- Incident response analysis
- Dependency vulnerability assessment
Reference Files
references/SECURITY_AUDIT.template.md- Comprehensive security audit report formatreferences/owasp_checklist.md- OWASP Top 10 checklist with CVSS scoring and CWE references
Workflow
- Define scope and methodology
- Perform static/dynamic analysis
- Document findings by severity
- Map to OWASP categories
- Create remediation roadmap
- Verify fixes
Output Format
Security findings should include:
- Severity (Critical/High/Medium/Low)
- CVSS score and vector
- CWE classification
- Proof of concept
- Remediation steps