security_audit – Comprehensive Security Analysis

OWASP-compliant security vulnerability assessment with cross-file analysis and compliance reporting

Perfect For

Pre-Deployment Security Review
Comprehensive vulnerability assessment before production releases with detailed risk categorisation and remediation guidance.

Compliance Auditing
OWASP Top 10 compliance checking with detailed reporting suitable for security team reviews and regulatory requirements.

Legacy System Assessment
Security analysis of inherited codebases to identify critical vulnerabilities and establish security baselines.

API Security Validation
Authentication flow analysis, input validation assessment, and endpoint security verification with industry best practices.

Third-Party Integration Security
External dependency security assessment and integration point vulnerability analysis with supply chain considerations.

Quick Start

local-llm:security_audit with:
- projectPath: "C:/web-app"
- auditDepth: "comprehensive"
- includeOwasp: true

Focused authentication analysis:

local-llm:security_audit with:
- filePath: "C:/api/auth.js"
- focusAreas: ["authentication", "input-validation"]
- includeOwasp: true

Security Analysis Output

OWASP Top 10 Assessment

• Injection Vulnerabilities: SQL injection, NoSQL injection, command injection detection with CWE references
• Authentication Issues: Weak authentication mechanisms, session management flaws, and credential handling assessment
• Sensitive Data Exposure: Unprotected data transmission, inadequate encryption, and information leakage detection
• Security Misconfiguration: Default configurations, unnecessary services, and hardening opportunities

Input Validation Analysis

• XSS Prevention: Cross-site scripting vulnerability detection with context-aware output encoding analysis
• CSRF Protection: Cross-site request forgery protection implementation verification
• Data Sanitisation: Input sanitisation pattern analysis and validation rule assessment

Risk Assessment

• Critical Severity: Immediate threats requiring urgent remediation with exploitation scenarios
• High/Medium/Low Severity: Risk categorisation with business impact assessment and remediation timelines
• Compliance Status: Industry standard compliance gaps with specific regulatory framework references

Security Analysis Example

Vulnerable Code

// Authentication endpoint
app.post('/login', (req, res) => {
  const { username, password } = req.body;
  const query = `SELECT * FROM users WHERE username = '${username}' AND password = '${password}'`;
  db.query(query, (err, results) => {
    if (results.length > 0) {
      res.json({ success: true, user: results[0] });
    }
  });
});

Security Findings

• Critical: SQL Injection (CWE-89) – Direct string concatenation enables arbitrary SQL execution
• High: Plain Text Passwords – Password storage without hashing violates security best practices
• Medium: Information Disclosure – Complete user record exposure in response
• Medium: Missing Rate Limiting – No brute force protection on authentication endpoint

Remediation Recommendations

• Implement Parameterised Queries: Use prepared statements to prevent SQL injection attacks
• Password Hashing: Implement bcrypt or Argon2 for secure password storage
• Response Sanitisation: Return minimal user data, exclude sensitive fields
• Rate Limiting: Implement express-rate-limit for brute force protection

Parameters

Focus Areas Configuration

• authentication: Login systems, session management, access control mechanisms
• data-flow: Sensitive data handling, encryption, transmission security
• input-validation: XSS prevention, injection attacks, sanitisation patterns
• configuration: Security headers, CORS policies, environment configurations

Advanced Configuration

Framework-Specific Security Analysis: Tailored security patterns for different technology stacks with framework-specific vulnerability detection.

// Node.js/Express API security audit
local-llm:security_audit with:
- projectPath: "C:/api-server"
- auditDepth: "comprehensive"
- focusAreas: ["authentication", "input-validation"]
- includeOwasp: true

// React application security review
local-llm:security_audit with:
- projectPath: "C:/react-app/src"
- auditDepth: "standard"
- focusAreas: ["data-flow", "configuration"]

// WordPress plugin security assessment
local-llm:security_audit with:
- projectPath: "C:/wp-plugin"
- auditDepth: "comprehensive"
- focusAreas: ["authentication", "input-validation"]
- projectType: "wordpress-plugin"

Security Review Workflow:

1. Run security_audit for baseline vulnerability assessment
2. Address critical and high severity findings immediately
3. Use analyze_database_queries for SQL injection deep dive
4. Generate comprehensive documentation with security findings
5. Re-audit after implementing security fixes

Compliance Reporting

Industry Standards Coverage:

• OWASP Top 10: Complete coverage with current threat landscape analysis
• CWE References: Common Weakness Enumeration mappings for vulnerability classification
• SANS Top 25: Most dangerous software errors identification and remediation
• ISO 27001: Information security management system alignment

Pro Tips

Continuous Security: Integrate security audits into CI/CD pipelines for automated vulnerability detection before deployment.

Risk Prioritisation: Focus on critical and high severity findings first, as these pose immediate threats to system security.

Documentation Standards: Security audit results provide compliance documentation suitable for security team reviews and regulatory audits.

Follow-Up Analysis: Use specialized functions like analyze_database_queries for deep-dive analysis of specific vulnerability categories.

Related Functions

• analyze_database_queries – Detailed SQL injection and database security analysis
• analyze_wordpress_security – WordPress-specific security patterns and vulnerabilities
• analyze_single_file – Individual file security assessment with context analysis
• generate_documentation – Security findings documentation and compliance reporting