secure-code-review
Secure Code Review Skill
Purpose
This skill provides strategic guidance for conducting thorough security code reviews that identify vulnerabilities before they reach production. It applies defense-in-depth principles aligned with the OWASP Top 10, the SANS Top 25, and the Hack23 ISMS Secure Development Policy.
When to Use This Skill
Apply this skill when:
- ✅ Reviewing pull requests before merge
- ✅ Conducting periodic security audits of existing code
- ✅ Implementing new features that handle sensitive data
- ✅ Integrating third-party libraries or APIs
- ✅ Refactoring authentication/authorization logic
- ✅ Before major releases or production deployments
- ✅ After security incidents or vulnerability disclosures
Do NOT use for:
- ❌ General code style reviews (use code-quality-checks skill)