security-analysis

# Security Analysis Skill

## Quick Reference

Use this skill when:
- Reviewing code for security vulnerabilities
- Implementing authentication/authorization
- Validating input handling
- Checking for common security flaws
- Ensuring OWASP Top 10 compliance

---

## Security Checklist (OWASP Top 10)

### 1. Broken Access Control

**Check for**:
- Missing authorization checks on protected routes
- Insecure direct object references (IDOR)
- Privilege escalation vulnerabilities

**Pattern**:
```
# Find routes without auth middleware - adjust pattern for your framework
grep -rn "router\.\(get\|post\|put\|delete\|patch\)" src/routes/ | \
  grep -v "requireAuth\|isAuthenticated\|checkPermission" | \
  grep -v "public"
```

---

### 2. Cryptographic Failures

**Check for**:
- Passwords stored in plain text
- Weak hashing algorithms (MD5, SHA1)
- Hardcoded secrets or API keys
- Insufficient bcrypt rounds (<10)

**Patterns to Scan**:
```bash
# Find weak crypto usage
grep -rn "md5\|sha1\|createHash('sha1')" src/

# Find hardcoded secrets
grep -rn "api[_-]?key\s*=\s*['\"][a-zA-Z0-9]" src/

# Find potential password issues
grep -rn "password\s*=\s*['\"]" src/
```

---

### 3. Injection Vulnerabilities

**Check for**:
- SQL injection (unparameterized queries)
- NoSQL injection (unvalidated queries)
- Command injection (shell commands with user input)
- XSS (unescaped user content)

**Patterns to Scan**:
```bash
# Find potential SQL injection (template literals in queries)
grep -rn "query.*\${" src/

# Find command execution
grep -rn "exec\|spawn\|execSync" src/

# Find eval usage
grep -rn "eval(" src/
```

---

### 4. Insecure Design

**Check for**:
- Missing rate limiting on sensitive endpoints
- No CSRF protection
- Insecure session management
- Missing security headers

---

### 5. Security Misconfiguration

**Check for**:
- Debug mode enabled in production
- Default credentials
- Verbose error messages exposing internals

**Patterns to Scan**:
```bash
# Find debug code
grep