mirror of https://github.com/centminmod/my-claude-code-setup.git synced 2025-12-29 16:14:46 +00:00

Files

George Liu ef3d0564c6 Add six new slash command categories with useful developer tools

- Add /documentation category with create-readme-section command
- Add /security category with security-audit and check-best-practices commands
- Add /architecture category with explain-architecture-pattern command
- Add /promptengineering category with convert-to-test-driven-prompt and batch-operations-prompt commands
- Update README.md to document all new slash commands
- Add Bash(mkdir:*) permission to settings.local.json

2025-07-09 00:39:37 +10:00

2.8 KiB

Raw Blame History

Security Audit

Perform a comprehensive security audit of the codebase to identify potential vulnerabilities, insecure patterns, and security best practice violations.

Usage Examples

Basic Usage

"Run a security audit on this project" "Check for security vulnerabilities in the authentication module" "Scan the API endpoints for security issues"

Specific Audits

"Check for SQL injection vulnerabilities" "Audit the file upload functionality for security risks" "Review authentication and authorization implementation" "Check for hardcoded secrets and API keys"

Instructions for Claude

When performing a security audit:

Systematic Scanning: Examine the codebase systematically for common vulnerability patterns
Use OWASP Guidelines: Reference OWASP Top 10 and other security standards
Check Multiple Layers: Review frontend, backend, database, and infrastructure code
Prioritize Findings: Categorize issues by severity (Critical, High, Medium, Low)
Provide Remediation: Include specific fixes for each identified issue

Security Checklist

Authentication & Authorization

Password storage and hashing methods
Session management security
JWT implementation and validation
Access control and permission checks
Multi-factor authentication support

Input Validation & Sanitization

SQL injection prevention
XSS (Cross-Site Scripting) protection
Command injection safeguards
Path traversal prevention
File upload validation

Data Protection

Encryption in transit (HTTPS/TLS)
Encryption at rest
Sensitive data exposure
API key and secret management
PII handling compliance

Common Vulnerabilities

CSRF protection
Clickjacking prevention
Security headers configuration
Dependency vulnerabilities
Insecure direct object references

API Security

Rate limiting implementation
API authentication methods
Input validation on endpoints
Error message information leakage
CORS configuration

Output Format

Provide a structured security report with:

## Security Audit Report

### Summary
- Total issues found: X
- Critical: X, High: X, Medium: X, Low: X

### Critical Issues
#### 1. [Issue Name]
- **Location**: file.js:line
- **Description**: Detailed explanation
- **Impact**: Potential consequences
- **Remediation**: Specific fix with code example

### High Priority Issues
[Similar format]

### Medium Priority Issues
[Similar format]

### Low Priority Issues
[Similar format]

### Recommendations
- General security improvements
- Best practices to implement
- Tools and libraries to consider

Remember to:

Be specific about file locations and line numbers
Provide code examples for fixes
Explain the security impact clearly
Avoid false positives by understanding the context

2.8 KiB Raw Blame History