security_audit – Comprehensive Security Analysis
OWASP-compliant security vulnerability assessment with cross-file analysis and compliance reporting
Use local-llm:security_audit to analyse your project for security vulnerabilities and compliance issues.
Perfect For
Pre-Deployment Security Review
Comprehensive vulnerability assessment before production releases with detailed risk categorisation and remediation guidance.
Compliance Auditing
OWASP Top 10 compliance checking with detailed reporting suitable for security team reviews and regulatory requirements.
Legacy System Assessment
Security analysis of inherited codebases to identify critical vulnerabilities and establish security baselines.
API Security Validation
Authentication flow analysis, input validation assessment, and endpoint security verification with industry best practices.
Third-Party Integration Security
External dependency security assessment and integration point vulnerability analysis with supply chain considerations.
Quick Start
local-llm:security_audit with:
- projectPath: "C:/web-app"
- auditDepth: "comprehensive"
- includeOwasp: true
Focused authentication analysis:
local-llm:security_audit with:
- filePath: "C:/api/auth.js"
- focusAreas: ["authentication", "input-validation"]
- includeOwasp: true
Security Analysis Output
OWASP Top 10 Assessment
- Injection Vulnerabilities: SQL injection, NoSQL injection, command injection detection with CWE references
- Authentication Issues: Weak authentication mechanisms, session management flaws, and credential handling assessment
- Sensitive Data Exposure: Unprotected data transmission, inadequate encryption, and information leakage detection
- Security Misconfiguration: Default configurations, unnecessary services, and hardening opportunities
Input Validation Analysis
- XSS Prevention: Cross-site scripting vulnerability detection with context-aware output encoding analysis
- CSRF Protection: Cross-site request forgery protection implementation verification
- Data Sanitisation: Input sanitisation pattern analysis and validation rule assessment
Risk Assessment
- Critical Severity: Immediate threats requiring urgent remediation with exploitation scenarios
- High/Medium/Low Severity: Risk categorisation with business impact assessment and remediation timelines
- Compliance Status: Industry standard compliance gaps with specific regulatory framework references
Security Analysis Example
Vulnerable Code
// Authentication endpoint (deliberately vulnerable: see findings below)
app.post('/login', (req, res) => {
  const { username, password } = req.body;
  // User input is spliced straight into the SQL string
  const query = `SELECT * FROM users WHERE username = '${username}' AND password = '${password}'`;
  db.query(query, (err, results) => {
    if (err) return res.status(500).json({ error: 'internal error' });
    if (results.length > 0) {
      // Returns the whole user row, password column included
      res.json({ success: true, user: results[0] });
    } else {
      res.status(401).json({ success: false });
    }
  });
});
Security Findings
- Critical: SQL Injection (CWE-89) – Direct string concatenation enables arbitrary SQL execution
- High: Plain Text Passwords – Password storage without hashing violates security best practices
- Medium: Information Disclosure – Complete user record exposure in response
- Medium: Missing Rate Limiting – No brute force protection on authentication endpoint
Parameters
Parameter | Type | Description | Example |
---|---|---|---|
projectPath | string | Root directory for multi-file analysis | "C:/web-app" |
filePath | string | Single file to audit | "C:/api/auth.js" |
auditDepth | enum | Analysis thoroughness level: "basic", "standard" or "comprehensive" | "comprehensive" |
includeOwasp | boolean | Include OWASP Top 10 compliance checks | true |
focusAreas | array | Specific security focus areas | ["authentication", "data-flow"] |
Advanced Configuration
Framework-Specific Security Analysis: Tailored security patterns for different technology stacks.
// Node.js API security audit
local-llm:security_audit with:
- projectPath: "C:/node-api"
- auditDepth: "comprehensive"
- focusAreas: ["authentication", "input-validation", "data-flow"]
// WordPress plugin security review
local-llm:security_audit with:
- projectPath: "C:/wp-plugin"
- includeOwasp: true
- focusAreas: ["authentication", "input-validation"]
Security Workflow Integration:
- Run security_audit for baseline security assessment
- Use analyze_database_queries for SQL injection analysis
- Apply suggest_refactoring for security improvements
- Generate secure unit tests with generate_unit_tests
Pro Tips
Regular Security Monitoring: Run security audits before each release cycle to catch vulnerabilities early in the development process.
Compliance Documentation: Use audit reports for security team reviews and regulatory compliance documentation.
Risk Prioritisation: Address Critical and High severity findings immediately; schedule Medium/Low findings for future sprints.
Related Functions
- analyze_database_queries – Specialised SQL injection and database security analysis
- analyze_wordpress_security – WordPress-specific security patterns and vulnerability detection
- suggest_refactoring – Security-focused code improvement recommendations
- analyze_dependencies – Third-party dependency security assessment