Secure Code Review Skill

Purpose

This skill provides strategic guidance for conducting thorough security code reviews that identify vulnerabilities before they reach production. It implements defense-in-depth principles aligned with OWASP Top 10, SANS Top 25, and Hack23 ISMS Secure Development Policy.

When to Use This Skill

Apply this skill when:

• ✅ Reviewing pull requests before merge
• ✅ Conducting periodic security audits of existing code
• ✅ Implementing new features that handle sensitive data
• ✅ Integrating third-party libraries or APIs
• ✅ Refactoring authentication/authorization logic
• ✅ Before major releases or production deployments
• ✅ After security incidents or vulnerability disclosures