Security Assistant | 安全審計助手

Guide systematic security reviews following OWASP Top 10 and industry best practices.

引導系統化的安全審查，遵循 OWASP Top 10 和業界最佳實踐。

Quick Checklist — OWASP Top 10 Prevention | 快速檢查清單

ID	Risk	Prevention	預防措施
A01	Broken Access Control	Enforce least privilege, deny by default	最小權限原則，預設拒絕
A02	Cryptographic Failures	Use strong algorithms, protect keys	使用強加密演算法，保護金鑰
A03	Injection	Parameterized queries, input validation	參數化查詢、輸入驗證
A04	Insecure Design	Threat modeling, secure design patterns	威脅建模、安全設計模式
A05	Security Misconfiguration	Hardened defaults, minimal permissions	強化預設值、最小權限
A06	Vulnerable Components	Track dependencies, patch regularly	追蹤相依套件、定期修補
A07	Auth Failures	MFA, strong password policies	多因素認證、強密碼策略
A08	Data Integrity Failures	Verify signatures, use trusted sources	驗證簽章、使用可信來源
A09	Logging Failures	Log security events, monitor alerts	記錄安全事件、監控告警