security-audit


Security Audit Skill


Comprehensive security auditing covering code review, vulnerability assessment, OWASP Top 10, dependency analysis, and remediation planning.

What This Skill Does


  • Conducts security code reviews
  • Identifies vulnerabilities (with CVSS scoring)
  • Performs OWASP Top 10 assessments
  • Audits authentication/authorization
  • Reviews data protection controls
  • Analyzes dependency vulnerabilities
  • Creates remediation roadmaps

When to Use


  • Security reviews before release
  • Compliance audits
  • Penetration test preparation
  • Incident response analysis
  • Dependency vulnerability assessment

Reference Files


  • references/SECURITY_AUDIT.template.md
    - Comprehensive security audit report format
  • references/owasp_checklist.md
    - OWASP Top 10 checklist with CVSS scoring and CWE references

Workflow


  1. Define scope and methodology
  2. Perform static/dynamic analysis
  3. Document findings by severity
  4. Map to OWASP categories
  5. Create remediation roadmap
  6. Verify fixes

Output Format


Security findings should include:
  • Severity (Critical/High/Medium/Low)
  • CVSS score and vector
  • CWE classification
  • Proof of concept
  • Remediation steps