security
117 indexed skills · max 10 per page
convex-security-check
waynesutton/convexskills · Productivity
Security audit checklist for Convex applications covering authentication, exposure, validation, and access control.
  Five-part checklist covering authentication provider setup, function exposure (public vs. internal), argument validation strictness, row-level access control, and environment variable handling
  Includes TypeScript code examples for secure patterns: authentication helpers, ownership verification before updates/deletes, and strict argument validators
  Highlights common pitf
security-review
getsentry/skills · Productivity
Systematic security code review identifying high-confidence vulnerabilities with data-flow verification.
  Focuses exclusively on HIGH CONFIDENCE findings: vulnerable patterns with confirmed attacker-controlled input, skipping theoretical issues and framework-mitigated code
  Requires codebase research before reporting: traces data flow, checks for validation/sanitization, and verifies exploitability rather than pattern-matching alone
  Covers 14 vulnerability categories (injection, XSS, a
security-scan
affaan-m/everything-claude-code · Productivity
Audit Claude Code configurations for security vulnerabilities, misconfigurations, and injection risks.
  Scans five configuration areas: CLAUDE.md, settings.json, MCP servers, hooks, and agent definitions for hardcoded secrets, prompt injection patterns, overly permissive permissions, and command injection risks
  Provides four output formats (terminal, JSON, Markdown, HTML) and integrates with CI/CD via GitHub Action with configurable severity filtering
  Includes auto-fix mode for safe
django-security
affaan-m/everything-claude-code · Backend
Django security best practices covering authentication, authorization, CSRF, SQL injection, and XSS prevention.
  Provides production-ready settings configurations including HTTPS enforcement, secure cookies, HSTS headers, and password validation with minimum 12-character requirements
  Covers authentication patterns: custom user models, Argon2 password hashing, session management, and role-based access control (RBAC)
  Includes authorization strategies: Django permissions, custom permissi
k8s-security-policies
wshobson/agents · Cloud
Defense-in-depth Kubernetes security through network policies, pod security standards, RBAC, and admission control.
  Covers three pod security levels (Privileged, Baseline, Restricted) enforced via namespace labels for graduated security posture
  Provides NetworkPolicy templates for default-deny, service-to-service communication, and DNS egress patterns
  Includes RBAC configuration examples for roles, cluster roles, and bindings to implement least-privilege access
  Demonstrates OPA Ga
security-review
sickn33/antigravity-awesome-skills · Productivity
Comprehensive security checklist and patterns for authentication, input validation, and sensitive data handling.
  Covers 10 core security areas: secrets management, input validation, SQL injection prevention, authentication/authorization, XSS prevention, CSRF protection, rate limiting, sensitive data exposure, blockchain wallet verification, and dependency security
  Includes concrete code examples for each vulnerability type, showing both unsafe and secure patterns with TypeScript and Nex
capacitor-security
cap-go/capgo-skills · Productivity
Zero-config security scanning for Capacitor and Ionic apps.
security-best-practices
mindrally/skills · Productivity
Apply these security principles when developing backend services, microservices, and any code handling sensitive data or external inputs.
solidity-security
wshobson/agents · Productivity
Comprehensive smart contract security patterns, vulnerability prevention, and secure Solidity development practices.
  Covers critical vulnerabilities including reentrancy, integer overflow/underflow, access control failures, and front-running with vulnerable code examples and secure patterns
  Teaches Checks-Effects-Interactions pattern, pull-over-push payment design, input validation, and emergency stop mechanisms for production-ready contracts
  Includes gas optimization techniques such
cloud-security-configuration
aj-geddes/useful-ai-prompts · Cloud
Cloud security requires comprehensive strategies spanning identity management, encryption, network controls, compliance, and threat detection. Implement defense-in-depth with multiple layers of protection and continuous monitoring.