

Finding Security Misconfigurations

Overview

Scan infrastructure-as-code templates, application configuration files, and system settings to detect security misconfigurations mapped to OWASP A05:2021 (Security Misconfiguration) and CIS Benchmarks. Cover cloud resources (AWS, GCP, Azure), container orchestration (Kubernetes, Docker), web servers (Nginx, Apache), and application frameworks.

Prerequisites

  • Infrastructure-as-code files accessible in ${CLAUDE_SKILL_DIR}/ (Terraform .tf, CloudFormation .yaml/.json, Ansible playbooks, Kubernetes manifests)
  • Application configuration files available (application.yml, config.json, .env.example, web.config)
  • Container definitions (Dockerfile, docker-compose.yml, Helm charts)
  • Web server configs (nginx.conf, httpd.conf, .htaccess) if applicable
  • Write permissions for findings output in ${CLAUDE_SKILL_DIR}/security-findings/
  • Optional: tfsec, checkov, or trivy config installed for automated pre-scanning

Instructions

  1. Discover all configuration files by scanning ${CLAUDE_SKILL_DIR}/ for IaC templates (.tf, .yaml, .json, .template), application configs, container definitions, and web server configs.
  2. Cloud storage: check for publicly accessible S3 buckets, unencrypted storage accounts, missing versioning, and overly permissive bucket policies (CIS AWS 2.1.1, 2.1.2).
  3. Network security: flag security groups allowing 0.0.0.0/0 ingress on sensitive ports (22, 3389, 3306, 5432, 27017), missing VPC flow logs, and absent network segmentation.
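As an added example (not part of this skill or its repository), the scanner below implements steps 2 and 3 over a CloudFormation-style JSON template: it flags security group ingress from 0.0.0.0/0 or ::/0 that reaches any of the sensitive ports listed above (including port ranges and "all protocols" rules that cover them), and S3 buckets lacking encryption, versioning, or a full public access block, or carrying a public ACL. The rule names, the Finding structure, and the sample template are assumptions constructed for this illustration; the CIS AWS 2.1.1/2.1.2 references are the ones this page cites.

```python
"""Minimal misconfiguration scanner for CloudFormation-style JSON (added example)."""
from __future__ import annotations

import json
from dataclasses import dataclass

# Sensitive ports from step 3 of the instructions.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL", 27017: "MongoDB"}
ANY_CIDRS = {"0.0.0.0/0", "::/0"}
PAB_KEYS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")


@dataclass(frozen=True)
class Finding:
    resource: str  # logical resource name in the template
    rule: str      # rule label (names chosen for this example)
    detail: str


def _ports_covered(rule: dict) -> set[int]:
    """Return the sensitive ports an ingress rule exposes (all of them for -1/all)."""
    proto = str(rule.get("IpProtocol", "")).lower()
    if proto in ("-1", "all"):
        return set(SENSITIVE_PORTS)
    lo = int(rule.get("FromPort", 0))
    hi = int(rule.get("ToPort", lo))
    return {p for p in SENSITIVE_PORTS if lo <= p <= hi}


def check_security_group(name: str, props: dict) -> list[Finding]:
    findings = []
    for rule in props.get("SecurityGroupIngress", []):
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        if cidr not in ANY_CIDRS:
            continue  # restricted source: not a world-open rule
        for port in sorted(_ports_covered(rule)):
            findings.append(Finding(name, "SG_WORLD_OPEN_SENSITIVE_PORT",
                                    f"{cidr} ingress reaches {SENSITIVE_PORTS[port]} ({port})"))
    return findings


def check_s3_bucket(name: str, props: dict) -> list[Finding]:
    findings = []
    if "BucketEncryption" not in props:
        findings.append(Finding(name, "S3_NO_ENCRYPTION", "no BucketEncryption (CIS AWS 2.1.1)"))
    if props.get("VersioningConfiguration", {}).get("Status") != "Enabled":
        findings.append(Finding(name, "S3_NO_VERSIONING", "VersioningConfiguration not Enabled"))
    if props.get("AccessControl") in ("PublicRead", "PublicReadWrite"):
        findings.append(Finding(name, "S3_PUBLIC_ACL", f"ACL is {props['AccessControl']}"))
    pab = props.get("PublicAccessBlockConfiguration", {})
    missing = [k for k in PAB_KEYS if pab.get(k) is not True]
    if missing:
        findings.append(Finding(name, "S3_PUBLIC_ACCESS_BLOCK",
                                "public access block incomplete: " + ", ".join(missing)))
    return findings


CHECKS = {"AWS::EC2::SecurityGroup": check_security_group, "AWS::S3::Bucket": check_s3_bucket}


def scan_template(template: dict) -> list[Finding]:
    """Dispatch each resource to the check registered for its type."""
    findings: list[Finding] = []
    for name, res in template.get("Resources", {}).items():
        check = CHECKS.get(res.get("Type"))
        if check:
            findings.extend(check(name, res.get("Properties", {})))
    return findings


def scan_file(path: str) -> list[Finding]:
    with open(path, encoding="utf-8") as fh:
        return scan_template(json.load(fh))


# Constructed sample template: one bad bucket, one hardened bucket, one leaky security group.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "PublicLogs": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "PublicRead"}},
  "GoodBucket": {"Type": "AWS::S3::Bucket", "Properties": {
      "BucketEncryption": {"ServerSideEncryptionConfiguration": [
          {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
      "VersioningConfiguration": {"Status": "Enabled"},
      "PublicAccessBlockConfiguration": {"BlockPublicAcls": true, "BlockPublicPolicy": true,
                                         "IgnorePublicAcls": true, "RestrictPublicBuckets": true}}},
  "AdminSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
      "GroupDescription": "admin access",
      "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "CidrIp": "10.0.0.0/8"},
        {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 6000, "CidrIpv6": "::/0"}]}}
}}
""")

if __name__ == "__main__":
    for f in scan_template(SAMPLE_TEMPLATE):
        print(f"[{f.rule}] {f.resource}: {f.detail}")
```

Running it reports two findings for AdminSG (SSH from 0.0.0.0/0, and PostgreSQL reached through the 5000-6000 range from ::/0), four for PublicLogs, and none for GoodBucket; the internal 3306 rule is correctly ignored because its source is not world-open. Point `scan_file` at a real template to write the same Finding records into the security-findings directory.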
First seen: Feb 1, 2026