Total 50,524 skills, Security & Compliance has 1973 skills
Showing 12 of 1973 skills
Testing web applications for Cross-Site Request Forgery vulnerabilities by crafting forged requests that exploit authenticated user sessions during authorized security assessments.
Test web applications for XML injection vulnerabilities including XXE, XPath injection, and XML entity attacks to identify data exposure and server-side request forgery risks.
Segmenting home networks into VLANs for IoT, guest, trusted, and server traffic using UniFi, pfSense/OPNsense, and MikroTik — including switch trunk config, firewall rules, and wireless SSID mapping.
Audit and fix npm supply-chain security issues in the current repo. Detects the package manager, checks for missing protections (lockfile, lifecycle script blocking, release-age cooldown, pnpm exotic subdeps/trust policy, Yarn Berry hardened mode), presents findings, and applies fixes after user confirmation. Supports npm, pnpm, Yarn, Bun, and Aube. Use when asked to "harden npm", "fix supply chain", "secure dependencies", or "audit npm security".
Perform a systematic security audit of a codebase, checking for OWASP Top 10 vulnerabilities, secrets exposure, and insecure patterns.
Deep clause-by-clause NDA review from Recipient or Discloser perspective. Produces issue log with redlines, fallbacks, rationales, owners, deadlines. Use when reviewing NDAs for negotiation or approval.
Identify and report potentially malicious software repositories masquerading as legitimate security tools.
Prepare for and respond to SEC and FINRA regulatory examinations across the full exam lifecycle. Use when the user asks about exam notification letters, document request lists, deficiency letter responses, mock examination programs, annual compliance reviews under Rule 206(4)-7, or SEC/FINRA examination priorities. Also trigger when users mention 'we just got an exam letter', 'preparing for our first SEC exam', 'how to respond to a deficiency finding', 'staff interview preparation', 'what does OCIE look for', 'examination readiness checklist', 'sweep exam on off-channel comms', or ask what to expect during a regulatory audit.
WARNING - This repository appears to be malware distribution disguised as legitimate software cracks.
Identify, analyze, and document malware distribution repositories masquerading as legitimate software.
Recognize and educate about malware distribution disguised as legitimate security software.
Analyze binaries using the Domain API for IDA Pro. Use when examining program structure, functions, disassembly, cross-references, or strings.