/security-audit - Comprehensive Security Analysis

Purpose

The /security-audit prompt performs multi-layer security analysis of your application, identifying vulnerabilities, suggesting fixes, and ensuring compliance with security best practices. It adapts to your specific technology stack and threat model.

Use Cases

1. Pre-Launch Audits: Ensure security before going live
2. Periodic Reviews: Regular security health checks
3. Compliance Preparation: Meet regulatory requirements
4. Incident Response: Post-incident security hardening
5. Third-Party Assessments: Prepare for external audits

Argument Structure

/security-audit [scope] [compliance-target] [--options]

Arguments

1. scope (optional)

   • Specific area to audit
   • Examples: "api", "authentication", "data-storage"
   • Defaults to comprehensive audit

2. compliance-target (optional)

   • Compliance framework focus
   • Examples: "OWASP", "PCI-DSS", "HIPAA", "GDPR"
   • Helps prioritize findings

3. options (optional)

   • --depth: Audit depth (quick, standard, comprehensive)
   • --fix: Generate fix implementations
   • --report: Format (summary, detailed, executive)

Examples

# Comprehensive security audit
/security-audit

# API-focused audit
/security-audit "api-endpoints"

# Compliance-specific audit
/security-audit "data-handling" "GDPR"

# Quick audit with fixes
/security-audit --depth=quick --fix

# Executive report
/security-audit --report=executive

Adaptation Strategies

Multi-Layer Analysis

The prompt examines:

1. Application Layer

   • Input validation
   • Output encoding
   • Session management
   • Access controls
   • Error handling

2. API Security

   • Authentication mechanisms
   • Authorization logic
   • Rate limiting
   • Input sanitization
   • CORS configuration

3. Data Protection

   • Encryption at rest
   • Encryption in transit
   • Key management
   • Data classification
   • Privacy controls

4. Infrastructure Security

   • Network segmentation
   • Firewall rules
   • Container security
   • Secrets management
   • Logging/monitoring

Technology-Specific Checks

Adapts to your stack:

• Node.js: npm audit, dependency checks
• React: XSS prevention, state exposure
• PostgreSQL: Query injection, access controls
• AWS: IAM policies, S3 permissions
• Docker: Image vulnerabilities, secrets

Compliance Mapping

Maps findings to standards:

• OWASP Top 10
• CWE classifications
• GDPR requirements
• HIPAA controls
• SOC 2 criteria

Memory Usage

Generated Reports

.orchestre/
├── security/
│   ├── audits/
│   │   ├── 2024-01-15-audit.md    # Timestamped reports
│   │   ├── findings.md             # Current vulnerabilities
│   │   └── remediation.md          # Fix tracking
│   ├── policies/
│   │   ├── access-control.md       # Security policies
│   │   ├── data-handling.md        # Data procedures
│   │   └── incident-response.md    # Response plans
│   └── compliance/
│       ├── gdpr-checklist.md       # Compliance tracking
│       └── audit-trail.md          # Change history

Audit Report Structure

# Security Audit Report - 2024-01-15

## Executive Summary
- **Risk Level**: Medium
- **Critical Findings**: 2
- **High Priority**: 5
- **Medium Priority**: 12
- **Low Priority**: 23

## Critical Findings

### 1. SQL Injection Vulnerability
**Location**: `/api/search` endpoint
**Risk**: Critical
**Impact**: Database compromise possible

**Details**:
User input directly concatenated into SQL query without parameterization.

**Recommendation**:
Use parameterized queries or ORM with proper escaping.

**Fix**:
```javascript
// Vulnerable code
const query = `SELECT * FROM products WHERE name LIKE '%${searchTerm}%'`;

// Secure code
const query = 'SELECT * FROM products WHERE name LIKE $1';
const values = [`%${searchTerm}%`];

2. Missing Authentication on Admin Routes

Location: /admin/* routes Risk: Critical Impact: Unauthorized admin access

Details: Admin routes lack authentication middleware.

Recommendation: Implement authentication checks on all admin routes.

## Workflow Examples

### Pre-Launch Security Check
```bash
# 1. Comprehensive audit
/security-audit --depth=comprehensive

# 2. Fix critical issues
/execute-task "Fix SQL injection vulnerabilities identified in security audit"

# 3. Re-audit specific areas
/security-audit "api-endpoints" --fix

# 4. Generate compliance report
/security-audit --report=detailed "OWASP"

Compliance Preparation

# 1. Compliance-focused audit
/security-audit "all" "GDPR" --depth=comprehensive

# 2. Implement privacy controls
/execute-task "Implement GDPR data subject rights from audit findings"

# 3. Document compliance
/document-feature "GDPR Compliance Implementation"

# 4. Final compliance check
/security-audit "data-handling" "GDPR" --report=executive

Incident Response

# 1. Immediate audit after incident
/security-audit --depth=quick

# 2. Focus on compromised area
/security-audit "authentication" --fix

# 3. Comprehensive follow-up
/security-audit --depth=comprehensive

# 4. Implement improvements
/add-enterprise-feature "advanced-security-monitoring"

Intelligent Features

Vulnerability Detection

Identifies common issues:

• Injection flaws (SQL, NoSQL, Command)
• Broken authentication
• Sensitive data exposure
• XML/XXE attacks
• Broken access control
• Security misconfiguration
• XSS vulnerabilities
• Insecure deserialization
• Component vulnerabilities
• Insufficient logging

Risk Scoring

Evaluates severity based on:

• Exploitability
• Impact potential
• Data sensitivity
• User exposure
• Business criticality

Fix Generation

Provides:

• Code examples
• Configuration changes
• Architecture improvements
• Process recommendations
• Tool suggestions

Compliance Mapping

Links findings to:

• Regulatory requirements
• Industry standards
• Best practices
• Framework controls
• Audit criteria

Security Categories

1. Authentication & Authorization

/security-audit "authentication"

Checks:

• Password policies
• MFA implementation
• Session management
• Token security
• OAuth configuration

2. Data Protection

/security-audit "data-protection"

Examines:

• Encryption standards
• Key management
• Data classification
• Backup security
• Deletion policies

3. API Security

/security-audit "api"

Reviews:

• Endpoint authentication
• Rate limiting
• Input validation
• Error responses
• API versioning

4. Infrastructure Security

/security-audit "infrastructure"

Analyzes:

• Network configuration
• Server hardening
• Container security
• Cloud permissions
• Monitoring setup

Report Types

Summary Report

Quick overview for developers:

• Finding counts by severity
• Top 5 critical issues
• Quick fix checklist
• Next steps

Detailed Report

Technical deep-dive:

• Full vulnerability details
• Code examples
• Reproduction steps
• Fix implementations
• Testing procedures

Executive Report

High-level for management:

• Risk assessment
• Business impact
• Compliance status
• Resource requirements
• Timeline estimates

Integration Points

With Other Prompts

• ← /create: Audit new projects
• ← /execute-task: After feature additions
• → /add-enterprise-feature: Add security features
• → /document-feature: Document security measures

With Security Tools

Integrates findings from:

• Static analysis tools
• Dependency scanners
• Container scanners
• Cloud security tools
• Penetration tests

Best Practices

1. Regular Audits

   # Monthly quick check
   /security-audit --depth=quick
   
   # Quarterly comprehensive
   /security-audit --depth=comprehensive
   
   # Pre-release detailed
   /security-audit "all" --fix --report=detailed

2. Focused Reviews

   # After new feature
   /security-audit "new-payment-flow"
   
   # After dependency update
   /security-audit "dependencies"
   
   # After architecture change
   /security-audit "api" --depth=comprehensive

3. Compliance Tracking

   # Initial baseline
   /security-audit "all" "SOC2" --report=detailed
   
   # Progress tracking
   /security-audit "SOC2" --report=summary
   
   # Certification prep
   /security-audit "SOC2" --depth=comprehensive --report=executive

Common Findings

Critical Issues

1. Hardcoded Secrets

   • API keys in code
   • Database credentials
   • Fix: Environment variables

2. SQL Injection

   • Raw query construction
   • String concatenation
   • Fix: Parameterized queries

3. Missing Authentication

   • Unprotected endpoints
   • Weak verification
   • Fix: Middleware checks

High Priority

1. Weak Encryption

   • MD5/SHA1 usage
   • Small key sizes
   • Fix: Modern algorithms

2. Insecure Dependencies

   • Vulnerable packages
   • Outdated libraries
   • Fix: Regular updates

3. CORS Misconfiguration

   • Wildcard origins
   • Credential exposure
   • Fix: Specific origins

Tips

1. Fix Immediately: Address critical findings right away
2. Track Progress: Document remediation efforts
3. Automate Checks: Integrate security scanning in CI/CD
4. Train Team: Share findings for learning
5. Verify Fixes: Re-audit after implementing changes