senior-security

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Senior Security

高级安全工具集

Complete toolkit for senior security with modern tools and best practices.

基于现代工具与最佳实践打造的高级安全完整工具包。

Quick Start

快速开始

Main Capabilities

核心功能

This skill provides three core capabilities through automated scripts:

bash

undefined

本技能通过自动化脚本提供三大核心功能：

bash

undefined

Script 1: Threat Modeler

python scripts/threat_modeler.py [options]

Script 2: Security Auditor

python scripts/security_auditor.py [options]

Script 3: Pentest Automator

python scripts/pentest_automator.py [options]

undefined

python scripts/pentest_automator.py [options]

undefined

Core Capabilities

核心功能模块

1. Threat Modeler

1. 威胁建模工具

Automated tool for threat modeler tasks.

Features:

Automated scaffolding
Best practices built-in
Configurable templates
Quality checks

Usage:

bash

python scripts/threat_modeler.py <project-path> [options]

用于威胁建模任务的自动化工具。

特性：

自动化脚手架搭建
内置最佳实践
可配置模板
质量检查

使用方式：

bash

python scripts/threat_modeler.py <project-path> [options]

2. Security Auditor

2. 安全审计工具

Comprehensive analysis and optimization tool.

Features:

Deep analysis
Performance metrics
Recommendations
Automated fixes

Usage:

bash

python scripts/security_auditor.py <target-path> [--verbose]

综合性分析与优化工具。

特性：

深度分析
性能指标
优化建议
自动修复

使用方式：

bash

python scripts/security_auditor.py <target-path> [--verbose]

3. Pentest Automator

3. 渗透测试自动化工具

Advanced tooling for specialized tasks.

Features:

Expert-level automation
Custom configurations
Integration ready
Production-grade output

Usage:

bash

python scripts/pentest_automator.py [arguments] [options]

针对专项任务的高级工具。

特性：

专家级自动化
自定义配置
可集成性
生产级输出

使用方式：

bash

python scripts/pentest_automator.py [arguments] [options]

Reference Documentation

参考文档

Security Architecture Patterns

安全架构模式

Comprehensive guide available in

references/security_architecture_patterns.md

Detailed patterns and practices
Code examples
Best practices
Anti-patterns to avoid
Real-world scenarios

完整指南位于

references/security_architecture_patterns.md

：

详细的模式与实践
代码示例
最佳实践
需规避的反模式
真实场景案例

Penetration Testing Guide

渗透测试指南

Complete workflow documentation in

references/penetration_testing_guide.md

Step-by-step processes
Optimization strategies
Tool integrations
Performance tuning
Troubleshooting guide

完整的工作流文档位于

references/penetration_testing_guide.md

：

分步流程
优化策略
工具集成
性能调优
故障排查指南

Cryptography Implementation

加密实现指南

Technical reference guide in

references/cryptography_implementation.md

Technology stack details
Configuration examples
Integration patterns
Security considerations
Scalability guidelines

技术参考指南位于

references/cryptography_implementation.md

：

技术栈细节
配置示例
集成模式
安全考量
可扩展性准则

Tech Stack

技术栈

Languages: TypeScript, JavaScript, Python, Go, Swift, Kotlin Frontend: React, Next.js, React Native, Flutter Backend: Node.js, Express, GraphQL, REST APIs Database: PostgreSQL, Prisma, NeonDB, Supabase DevOps: Docker, Kubernetes, Terraform, GitHub Actions, CircleCI Cloud: AWS, GCP, Azure

编程语言： TypeScript, JavaScript, Python, Go, Swift, Kotlin 前端： React, Next.js, React Native, Flutter 后端： Node.js, Express, GraphQL, REST APIs 数据库： PostgreSQL, Prisma, NeonDB, Supabase DevOps： Docker, Kubernetes, Terraform, GitHub Actions, CircleCI 云服务： AWS, GCP, Azure

Development Workflow

开发流程

1. Setup and Configuration

1. 环境搭建与配置

bash

undefined

bash

undefined

Install dependencies

安装依赖

npm install

or

或

pip install -r requirements.txt

Configure environment

配置环境

cp .env.example .env

undefined

cp .env.example .env

undefined

2. Run Quality Checks

2. 执行质量检查

bash

undefined

bash

undefined

Use the analyzer script

使用分析脚本

python scripts/security_auditor.py .

Review recommendations

查看优化建议

Apply fixes

应用修复方案

undefined

undefined

3. Implement Best Practices

3. 落地最佳实践

Follow the patterns and practices documented in:

references/security_architecture_patterns.md

```
references/penetration_testing_guide.md
```

references/cryptography_implementation.md

遵循以下文档中记录的模式与实践：

references/security_architecture_patterns.md

```
references/penetration_testing_guide.md
```

references/cryptography_implementation.md

Best Practices Summary

最佳实践总结

Code Quality

代码质量

Follow established patterns
Write comprehensive tests
Document decisions
Review regularly

遵循既定模式
编写全面测试用例
记录决策依据
定期代码评审

Performance

性能优化

Measure before optimizing
Use appropriate caching
Optimize critical paths
Monitor in production

先度量再优化
合理使用缓存
优化关键路径
生产环境监控

Security

安全规范

Validate all inputs
Use parameterized queries
Implement proper authentication
Keep dependencies updated

验证所有输入
使用参数化查询
实现完善的认证机制
及时更新依赖

Maintainability

可维护性

Write clear code
Use consistent naming
Add helpful comments
Keep it simple

编写清晰代码
保持命名一致
添加有用注释
保持简洁设计

Common Commands

常用命令

bash

undefined

bash

undefined

Development

开发相关

npm run dev npm run build npm run test npm run lint

Analysis

分析相关

python scripts/security_auditor.py . python scripts/pentest_automator.py --analyze

Deployment

部署相关

docker build -t app:latest . docker-compose up -d kubectl apply -f k8s/

undefined

docker build -t app:latest . docker-compose up -d kubectl apply -f k8s/

undefined

Troubleshooting

故障排查

Common Issues

常见问题

Check the comprehensive troubleshooting section in

references/cryptography_implementation.md

请查看

references/cryptography_implementation.md

中的完整故障排查章节。

Getting Help

获取帮助

Review reference documentation
Check script output messages
Consult tech stack documentation
Review error logs

查阅参考文档
查看脚本输出信息
参考技术栈官方文档
检查错误日志

Resources

资源汇总

Pattern Reference:

references/security_architecture_patterns.md

Workflow Guide:
```
references/penetration_testing_guide.md
```

Technical Guide:

references/cryptography_implementation.md

Tool Scripts:
```
scripts/
```
directory

模式参考：

references/security_architecture_patterns.md

工作流指南：
```
references/penetration_testing_guide.md
```

技术指南：

references/cryptography_implementation.md

工具脚本：
```
scripts/
```
目录