khaneliman

security-auditing

@khaneliman/security-auditing
khaneliman
302
14 forks
Updated 1/18/2026
View on GitHub

Comprehensive security vulnerability assessment and configuration review. Use when analyzing code for security flaws, reviewing dependencies for CVEs, auditing access controls, detecting secrets exposure, or validating compliance with security frameworks.

Installation

$skills install @khaneliman/security-auditing
Claude Code
Cursor
Copilot
Codex
Antigravity

Details

Repositorykhaneliman/khanelinix
Pathmodules/common/ai-tools/skills/general/security-auditing/SKILL.md
Branchmain
Scoped Name@khaneliman/security-auditing

Usage

After installing, this skill will be available to your AI coding assistant.

Verify installation:

skills list

Skill Instructions

name: security-auditing description: Comprehensive security vulnerability assessment and configuration review. Use when analyzing code for security flaws, reviewing dependencies for CVEs, auditing access controls, detecting secrets exposure, or validating compliance with security frameworks.

Security Auditing Guide

Conducts comprehensive security vulnerability assessments of code, configurations, and systems with actionable remediation guidance.

Core Principles

  1. Systematic analysis - Follow structured methodology for complete coverage
  2. Risk-based prioritization - Focus on exploitable issues with real impact
  3. Verified findings - Confirm vulnerabilities before reporting
  4. Actionable remediation - Provide specific fixes, not just descriptions
  5. Defensive focus - Help protect systems, never assist with attacks

Security Assessment Workflow

Copy this checklist when conducting security reviews:

Security Assessment Progress:
- [ ] Step 1: Define scope and threat model
- [ ] Step 2: Conduct static code analysis
- [ ] Step 3: Analyze dependencies for CVEs
- [ ] Step 4: Review cryptographic implementations
- [ ] Step 5: Audit access controls and authentication
- [ ] Step 6: Scan for exposed secrets and credentials
- [ ] Step 7: Evaluate configuration hardening
- [ ] Step 8: Map to compliance frameworks
- [ ] Step 9: Prioritize and report findings

Vulnerability Assessment

Static Code Analysis

Check for OWASP Top 10 vulnerabilities:

VulnerabilityWhat to Look For
InjectionSQL, command, LDAP injection in user inputs
Broken AuthWeak passwords, session mismanagement
Sensitive DataUnencrypted PII, exposed credentials
XXEXML external entity processing
Broken AccessMissing authorization checks
Security MisconfigDefault credentials, verbose errors
XSSUnsanitized output in HTML contexts
DeserializationUntrusted data deserialization
Vulnerable DepsKnown CVEs in dependencies
Logging GapsMissing audit trails

Dependency Analysis

# Check for known vulnerabilities
npm audit                    # Node.js
pip-audit                    # Python
cargo audit                  # Rust
nix flake check             # Nix (build-time)

Key concerns:

  • Direct and transitive dependency CVEs
  • Outdated packages with known issues
  • Supply chain security risks
  • License compliance implications

Cryptographic Review

Verify cryptographic implementations:

  • Algorithms: AES-256, RSA-2048+, SHA-256+ (reject MD5, SHA-1, DES)
  • Key management: Proper generation, storage, rotation
  • Random numbers: Cryptographically secure PRNGs only
  • Certificates: Valid chains, proper expiration handling
  • TLS: TLS 1.2+ with strong cipher suites

Access Control Audit

Authentication Assessment

AreaVerification
Password policyMinimum 12 chars, complexity requirements
MFA coverageAll privileged accounts, sensitive operations
LockoutAfter 5-10 failed attempts
SSO securityProper token validation, secure redirects
Session timeoutAppropriate for sensitivity level

Authorization Analysis

Check for:

  • Missing authorization checks on endpoints
  • Horizontal privilege escalation (accessing other users' data)
  • Vertical privilege escalation (gaining admin access)
  • IDOR vulnerabilities (insecure direct object references)
  • Proper RBAC implementation

Secrets Detection

Common Secret Patterns

# API Keys
[a-zA-Z0-9_-]{32,}

# AWS Keys
AKIA[0-9A-Z]{16}

# Private Keys
-----BEGIN.*PRIVATE KEY-----

# Connection Strings
(mongodb|postgres|mysql):\/\/[^:]+:[^@]+@

# JWT Tokens
eyJ[a-zA-Z0-9_-]*\.eyJ[a-zA-Z0-9_-]*\.

Where Secrets Hide

  • Environment variables and .env files
  • Configuration files (especially YAML/JSON)
  • Git history (use git log -p --all -S 'password')
  • Docker images and layers
  • CI/CD pipeline configs
  • Log files and error messages

Configuration Hardening

System Security Checklist

  • Unnecessary services disabled
  • Firewall rules restrictive (deny by default)
  • SSH key-only authentication
  • Automatic security updates enabled
  • Audit logging configured
  • File permissions minimized

Application Security Checklist

  • Debug mode disabled in production
  • Error messages generic (no stack traces)
  • HTTPS enforced with HSTS
  • Security headers set (CSP, X-Frame-Options)
  • Rate limiting implemented
  • Input validation on all endpoints

Compliance Mapping

Common Frameworks

FrameworkFocus Areas
NIST CSFIdentify, Protect, Detect, Respond, Recover
CIS Controls18 prioritized security controls
ISO 27001Information security management system
OWASPApplication security best practices
PCI DSSPayment card data security
GDPRPersonal data protection
HIPAAHealthcare information security

Reporting Format

Finding Template

**Finding: [Title]**

- **Severity**: Critical / High / Medium / Low / Info
- **Location**: `file:line` or system component
- **Description**: What the vulnerability is
- **Evidence**: Proof or reproduction steps
- **Impact**: What an attacker could do
- **Remediation**: Specific fix with code example
- **References**: CWE, CVE, OWASP links

Severity Classification

SeverityCriteria
CriticalRemote code execution, auth bypass, data breach
HighSignificant data access, privilege escalation
MediumLimited data exposure, requires user interaction
LowMinor issues, defense-in-depth violations
InfoBest practice recommendations

Anti-Patterns

Don't: Report speculative issues

# Bad

This might be vulnerable to SQL injection.

Do: Verify before reporting

# Good

**SQL Injection in user search**

- **Location**: `src/api/users.ts:45`
- **Evidence**: Query uses string interpolation: `db.query(\`SELECT * FROM users
  WHERE name = '${input}'\`)`
- **Verified**: Input reaches query without sanitization
- **Fix**: Use parameterized query:
  `db.query('SELECT * FROM users WHERE name = ?', [input])`

See Also

More by khaneliman

View all
template-creation
302

Create development environment templates and project scaffolding with Nix flakes. Use when creating new project templates, setting up dev shells, configuring language-specific environments, or integrating with CI/CD.

managing-secrets
302

Manages encrypted secrets using sops-nix and age. Use when adding new secrets, rotating keys, debugging secret access, or setting up secret management for new hosts/users.

code-review
302

Conduct thorough, actionable code reviews focusing on critical issues. Use when reviewing pull requests, analyzing code changes, identifying bugs, security vulnerabilities, or suggesting improvements that developers will actually implement.

scaffolding-modules
302

khanelinix directory structure and module placement. Use when creating new modules, deciding where files belong, or understanding the modules/ organization. Covers platform separation (nixos/darwin/home/common) and auto-discovery.