cyberneticlibrary

Conduct security code review

securityskillsetup L1559
sipyourdrink-ltd/bernstein
What it does

Audit code for OWASP, auth, secrets, and injection vulnerabilities

Best for

Severity classification separates critical auth issues from style nits, so teams can merge without blocking on low-severity findings.

Inputs
  • source code files
  • task description of changes
Outputs
  • vulnerability findings categorized by severity
  • fix recommendations with code samples
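The shape of what this skill emits, as an added example (not code from sipyourdrink-ltd/bernstein): a small line-oriented reviewer with a hypothetical rule set for hard-coded secrets, string-built SQL and debug prints, each finding carrying a severity and a fix recommendation, plus a merge gate that blocks only on high or critical. The two source snippets it scans are constructed for the example; the rule names, regexes and threshold are assumptions, not the project's.

```python
import re
from dataclasses import dataclass

# Severity ranking used by the merge gate; findings at or above
# BLOCKING_THRESHOLD block a merge, anything below is advisory.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
BLOCKING_THRESHOLD = "high"


@dataclass
class Finding:
    rule: str
    severity: str
    line_no: int
    snippet: str
    recommendation: str


# Hypothetical rule set: (rule id, severity, pattern, fix recommendation).
# The regexes are illustrative, not a production scanner.
RULES = [
    ("hardcoded-secret", "critical",
     re.compile(r"(?i)(api[_-]?key|secret|password|token)\s*=\s*['\"][^'\"]{8,}['\"]"),
     "Load the credential from the environment or a secret manager and rotate it."),
    ("sql-string-building", "high",
     # execute( followed by an f-string, or a literal joined with + or %
     re.compile(r"execute\(\s*(f['\"]|['\"][^'\"]*['\"]\s*[+%])"),
     "Pass values as query parameters: cursor.execute(sql, (value,))."),
    ("debug-print", "low",
     re.compile(r"^\s*print\("),
     "Replace with structured logging or remove before release."),
]


def review(source: str) -> list:
    """Scan source text line by line; return findings, most severe first."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for rule, severity, pattern, advice in RULES:
            if pattern.search(line):
                findings.append(Finding(rule, severity, line_no, line.strip(), advice))
    return sorted(findings, key=lambda f: SEVERITY_RANK[f.severity], reverse=True)


def blocks_merge(findings: list) -> bool:
    """True when any finding is at or above the blocking threshold."""
    limit = SEVERITY_RANK[BLOCKING_THRESHOLD]
    return any(SEVERITY_RANK[f.severity] >= limit for f in findings)


# Constructed sample input: a vulnerable handler and its fixed counterpart.
VULNERABLE = '''
import sqlite3
API_TOKEN = "sk_live_0123456789abcdef"
def get_user(conn, name):
    cur = conn.cursor()
    cur.execute(f"SELECT id FROM users WHERE name = '{name}'")
    print("looked up", name)
    return cur.fetchone()
'''

FIXED = '''
import os, sqlite3
API_TOKEN = os.environ["API_TOKEN"]
def get_user(conn, name):
    cur = conn.cursor()
    cur.execute("SELECT id FROM users WHERE name = ?", (name,))
    print("looked up", name)
    return cur.fetchone()
'''

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        found = review(src)
        print(f"{label}: merge {'BLOCKED' if blocks_merge(found) else 'allowed'}")
        for f in found:
            print(f"  [{f.severity}] {f.rule} line {f.line_no}: {f.snippet}")
            print(f"      fix: {f.recommendation}")
```

The vulnerable snippet yields a critical secret finding and a high injection finding and is blocked; the fixed snippet yields only the low-severity print and merges. Pattern rules like these are also where the false-positive failure mode lives: a query built with `%` for a validated table name that the framework already guards would still trip `sql-string-building`, so the severity and recommendation need a human pass before they block anything.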
Preconditions

Code available for review; OWASP Top 10 context available

Failure modes

Subtle injection vectors missed; auth bypass overlooked if the review scope is unclear; false positives on validation the framework already handles

Trust signals
  • owasp-top-10.md reference
  • auth-checklist.md for OAuth/JWT/SAML
  • critical findings posted to BULLETIN immediately