Security Audit

Comprehensive security audit checking for common vulnerabilities, dependency issues, and security best practices. Includes OWASP Top 10 checks.

security
Official
Featured
by RepoBird
Updated 10/18/2025
89 executions
Template Instructions
These instructions will be passed to the AI agent when executing this template

Perform a comprehensive security audit on the ACTUAL codebase:

  1. Dependency Security:
    • Identify the language/framework by examining dependency files
    • Run the appropriate package audit tool for the detected language
    • Document all findings with CVE numbers and severity levels
    • Check for outdated, deprecated, or vulnerable packages
    • Recommend secure alternatives for vulnerable dependencies
  2. Code Security - Find vulnerabilities using search:
    • SQL Injection:
      • Search for database queries built with string interpolation or concatenation
      • Look for raw SQL queries without parameterization or prepared statements
      • Find queries that directly embed user input
    • XSS Vulnerabilities:
      • Search for user input rendered as HTML without escaping
      • Find template rendering with disabled auto-escaping
      • Look for direct DOM manipulation with user-controlled content
    • Command Injection:
      • Search for system command execution functions
      • Find shell commands built from user input
      • Look for unsafe eval/exec patterns
    • Authentication Issues:
      • Search for weak password hashing algorithms (MD5, SHA1)
      • Find missing authentication checks on protected routes
      • Look for insecure session management patterns
      • Check for missing password complexity requirements
    • Hardcoded Secrets:
      • Search for API keys, passwords, tokens in source code
      • Look for cloud provider credentials (AWS, Azure, GCP)
      • Find private keys or certificates in the repository
      • Check if .env files are properly gitignored
    • Insecure File Operations:
      • Search for path traversal patterns (../ in file paths)
      • Find file uploads without type validation
      • Look for file operations using user-controlled paths
    • Deserialization Vulnerabilities:
      • Search for unsafe deserialization of untrusted data
      • Find deserialization without type checking or validation
  3. OWASP Top 10 Check: Review the codebase against the OWASP Top 10:
    1. Broken Access Control - Check authorization on routes/APIs
    2. Cryptographic Failures - Verify encryption at rest/transit
    3. Injection - SQL, NoSQL, Command, LDAP injection
    4. Insecure Design - Architecture flaws
    5. Security Misconfiguration - Default configs, exposed endpoints
    6. Vulnerable Components - Outdated dependencies
    7. Authentication Failures - Weak auth/session management
    8. Data Integrity Failures - Unsigned/unencrypted critical data
    9. Logging/Monitoring Failures - Insufficient logging
    10. SSRF - Unvalidated URL fetches
  4. Create Detailed Report:
    • Generate SECURITY_AUDIT.md in the /docs directory
    • Categorize by severity: Critical > High > Medium > Low
    • For each issue include:
      • File location and line numbers
      • Vulnerability description
      • OWASP category
      • Remediation steps with code examples
      • CVE numbers for dependencies
  5. Fix Critical Issues:
    • Fix critical/high severity issues where safe to do so
    • Update vulnerable dependencies
    • Add missing security headers (if web application)
    • Remove hardcoded secrets and migrate to environment variables
    • Add tests to verify security fixes
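As an added illustration of steps 2 and 4 above (the search patterns and the severity-ranked report), not RepoBird's own code: a small pattern-based scanner run over a constructed set of source files. The regexes, severities, OWASP mappings, remediation hints and sample files are all assumptions chosen for this example; on a real audit the agent would run the equivalent over the repository, confirm each hit by hand, and write the rendered markdown to docs/SECURITY_AUDIT.md.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity category owasp path line description remediation")
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

# Heuristic search patterns for step 2 of the template (assumed rule set for
# this example). They are triage aids: every hit still needs a human to
# confirm it against the real code before it goes in the report.
RULES = [
    ("SQL Injection", "A03 Injection", "Critical",
     re.compile(r'\bexecute\s*\(\s*(?:f["\']|["\'][^"\']*["\']\s*[+%])'),
     "Query text built with f-string, %-format or concatenation",
     "Use parameterised queries / prepared statements"),
    ("Command Injection", "A03 Injection", "Critical",
     re.compile(r'\bos\.system\s*\(|\bsubprocess\.\w+\s*\([^)]*shell\s*=\s*True|\b(?:eval|exec)\s*\('),
     "Shell command, eval or exec reachable from input",
     "Pass an argument list with shell=False; avoid eval/exec"),
    ("Deserialization", "A08 Data Integrity Failures", "Critical",
     re.compile(r'\bpickle\.loads?\s*\(|\byaml\.load\s*\((?![^)]*Loader)'),
     "Unsafe deserialization of possibly untrusted data",
     "Use a safe format (JSON) or yaml.safe_load; validate types"),
    ("XSS", "A03 Injection", "High",
     re.compile(r'\bmark_safe\s*\(|\|\s*safe\b|autoescape\s*=\s*False|\.innerHTML\s*='),
     "User-controlled content rendered without escaping",
     "Keep auto-escaping on; escape or sanitise before rendering"),
    ("Authentication Issues", "A02 Cryptographic Failures", "High",
     re.compile(r'\bhashlib\.(?:md5|sha1)\s*\('),
     "Weak hash algorithm used (MD5/SHA1)",
     "Use bcrypt, scrypt or Argon2 for passwords; SHA-256 or better elsewhere"),
    ("Hardcoded Secrets", "A02 Cryptographic Failures", "High",
     re.compile(r'(?i)(?:api[_-]?key|secret|passw(?:or)?d|token)\w*\s*=\s*["\'][^"\']{8,}["\']'),
     "Credential-looking literal assigned in source",
     "Move to environment variables or a secrets manager; rotate the value"),
    ("Insecure File Operations", "A01 Broken Access Control", "Medium",
     re.compile(r'\bopen\s*\(\s*(?:[^)]*\+|f["\'])'),
     "File path assembled from variables (possible traversal)",
     "Resolve the path and check it stays under the allowed base directory"),
]


def scan(files):
    """files: {relative path: source text}. Returns findings sorted by severity, path, line."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for category, owasp, severity, pattern, desc, fix in RULES:
                if pattern.search(line):
                    findings.append(Finding(severity, category, owasp, path, lineno, desc, fix))
    # The template's ".env properly gitignored" check: a file-level rule, not a line regex.
    if ".env" in files:
        ignored = {entry.strip() for entry in files.get(".gitignore", "").splitlines()}
        if not ignored & {".env", "*.env", ".env*"}:
            findings.append(Finding("Medium", "Hardcoded Secrets", "A05 Security Misconfiguration",
                                    ".gitignore", 0, ".env exists but is not gitignored",
                                    "Add .env to .gitignore and purge it from history if committed"))
    findings.sort(key=lambda f: (SEVERITY_RANK[f.severity], f.path, f.line))
    return findings


def render_report(findings):
    """Step 4 layout: one section per severity, Critical first, each issue with location,
    description, OWASP category and remediation."""
    out = ["# Security Audit", ""]
    for sev in SEVERITY_RANK:
        group = [f for f in findings if f.severity == sev]
        out.append(f"## {sev} ({len(group)})")
        for f in group:
            out.append(f"- **{f.category}** ({f.owasp}) at `{f.path}:{f.line}`")
            out.append(f"  - Issue: {f.description}")
            out.append(f"  - Remediation: {f.remediation}")
        out.append("")
    return "\n".join(out)


# Constructed sample "repository" standing in for a real checkout; every line is made up.
SAMPLE_FILES = {
    "app/views.py": '''\
from django.utils.safestring import mark_safe
def user_lookup(request, cursor):
    name = request.GET["name"]
    cursor.execute(f"SELECT * FROM users WHERE name = '{name}'")   # unsafe
    cursor.execute("SELECT * FROM users WHERE name = %s", (name,))  # safe
    return mark_safe("<p>" + request.GET["comment"] + "</p>")
''',
    "app/auth.py": '''\
import hashlib, pickle, subprocess
def check(password, host, request):
    digest = hashlib.md5(password.encode()).hexdigest()
    subprocess.run("ping " + host, shell=True)
    obj = pickle.loads(request.data)
    return open(BASE_DIR + "/" + request.args["file"]).read()
''',
    "config.py": 'AWS_SECRET_ACCESS_KEY = "EXAMPLEKEY-not-a-real-secret-0000"\n',
    ".env": "DATABASE_URL=postgres://localhost/app\n",
    ".gitignore": "__pycache__/\n",
}

if __name__ == "__main__":
    print(render_report(scan(SAMPLE_FILES)))
```

The parameterised query on the line after the f-string query produces no finding, which is the property worth checking whenever a rule is tightened: a pattern that cannot tell the safe form from the unsafe one only generates review noise. Dependency findings from step 1 (package audit output with CVE numbers) would be merged into the same severity sections before the file is written.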

IMPORTANT: Scan the REAL codebase for actual vulnerabilities; do not create demonstrations.

Success Criteria

  • Dependency vulnerabilities found and documented
  • Code vulnerabilities found using search patterns
  • All OWASP Top 10 risks evaluated
  • Comprehensive SECURITY_AUDIT.md report generated
  • Critical/high issues fixed with tests passing
  • No hardcoded secrets remain

Completion Checklist

  • Run dependency audit for detected language
  • Search for vulnerabilities using appropriate patterns
  • Generate detailed SECURITY_AUDIT.md report
  • Fix critical and high-severity issues
  • Add tests to verify security fixes
  • Verify no new security issues introduced
Tags
OWASP
audit
security
vulnerabilities
Supported Languages
Any Language