
security-deep-dive

Performs red team security analysis with threat modeling, attack surface mapping, auth flow analysis, and dependency chain audits. Goes beyond checklists to think like an attacker. Use when doing security audit, penetration testing, threat modeling, security review, attack surface analysis, red team assessment, or when codebase-audit flags serious security concerns.
Saturate/agents · ★ 0 · AI & Automation · score 63
Install: claude install-skill Saturate/agents
# Security Deep Dive

Think like an attacker. What would you try to break?

## Progress Checklist

- [ ] Define scope and threat model
- [ ] Map the attack surface
- [ ] Analyze auth flows
- [ ] Audit dependency chain
- [ ] Review infrastructure config
- [ ] Attempt exploitation paths
- [ ] Report findings with severity

## Step 0: Scope and Threat Model

Before diving in, understand what we're protecting:

- What data is sensitive? (PII, credentials, financial, health)
- Who are the threat actors? (anonymous users, authenticated users, insiders, automated attacks)
- What's the impact of a breach? (data leak, financial loss, reputation, compliance violation)
- What's already in place? (auth, encryption, monitoring, WAF)

## Step 1: Attack Surface Mapping

List every entry point:

```bash
# Find API endpoints
grep -rn "router\.\|app\.\(get\|post\|put\|delete\|patch\)" --include="*.ts" --include="*.js" --include="*.go"
grep -rn "\[Http\(Get\|Post\|Put\|Delete\|Patch\)\]" --include="*.cs"
grep -rn "@app\.\(route\|get\|post\)" --include="*.py"

# Find forms and user input
grep -rn "<form\|<input\|<textarea\|<select" --include="*.html" --include="*.tsx" --include="*.vue"

# Find file upload handlers
grep -rn "upload\|multipart\|formData\|IFormFile" -l

# Find webhook/queue consumers
grep -rn "webhook\|queue\|consumer\|subscriber" -l
```

For each entry point, note: authentication requirement, input sources, data sensitivity.

## Step 2: Auth Flow Analysis

Trace the full authentic