askill
security


Use this skill when doing security reviews, penetration testing, threat modeling, compliance work, or incident response. Activates on mentions of security audit, vulnerability, penetration test, pentest, OWASP, CVE, security review, threat model, zero trust, SOC 2, HIPAA, GDPR, compliance, incident response, SBOM, supply chain security, secrets management, or authentication security.

Updated 2/19/2026

SKILL.md

Security Operations

Secure systems from design through deployment and incident response.

Quick Reference

Security Architecture Principles

Zero Trust Model:

  1. Never trust, always verify
  2. Assume breach
  3. Verify explicitly
  4. Least privilege access
  5. Micro-segmentation

SLSA Framework (Supply Chain):

  • Level 1: Documentation
  • Level 2: Hosted build, signed provenance
  • Level 3: Hardened builds, 2-person review
  • Level 4: Hermetic, reproducible builds

Threat Modeling (STRIDE)

| Threat | Example | Mitigation |
|---|---|---|
| Spoofing | Fake identity | Strong auth, MFA |
| Tampering | Modified data | Integrity checks, signing |
| Repudiation | Deny actions | Audit logs, non-repudiation |
| Information Disclosure | Data leak | Encryption, access control |
| Denial of Service | Overload | Rate limiting, scaling |
| Elevation of Privilege | Unauthorized access | Least privilege, RBAC |

Code Security Review Checklist

## OWASP Top 10 (2021)

- [ ] A01: Broken Access Control
- [ ] A02: Cryptographic Failures
- [ ] A03: Injection (SQL, NoSQL, OS, LDAP)
- [ ] A04: Insecure Design
- [ ] A05: Security Misconfiguration
- [ ] A06: Vulnerable Components
- [ ] A07: Auth Failures
- [ ] A08: Software/Data Integrity Failures
- [ ] A09: Logging/Monitoring Failures
- [ ] A10: SSRF

Secrets Management

Never commit secrets. Use environment-based injection:

```yaml
# Kubernetes External Secrets
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: api-keys
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: vault-backend
    kind: ClusterSecretStore
  target:
    name: api-keys
  data:
    - secretKey: OPENAI_API_KEY
      remoteRef:
        key: secret/data/api-keys
        property: openai
```

SBOM Generation

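```bash
# Generate SBOM with Syft (the source is passed directly; the older
# `packages` subcommand is deprecated)
syft dir:. -o spdx-json > sbom.spdx.json

# Scan for vulnerabilities with Grype; exits non-zero on any finding
# of severity high or above
grype sbom:sbom.spdx.json --fail-on high
```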
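When the `--fail-on high` gate trips, the next question is which packages to upgrade. The following is an added example, not part of the original skill: it groups findings from a Grype JSON report by package and marks which have a fixed version. The report is a constructed sample assumed to follow the shape of `grype ... -o json`; `triage`, the package names and the vulnerability IDs are hypothetical.

```python
import json

# Ranking for Grype's severity labels, lowest to highest.
RANK = {"unknown": 0, "negligible": 1, "low": 2, "medium": 3, "high": 4, "critical": 5}

# Constructed report shaped like `grype sbom:sbom.spdx.json -o json`;
# package names, versions and vulnerability IDs are placeholders.
SAMPLE_REPORT = json.dumps({"matches": [
    {"vulnerability": {"id": "EXAMPLE-0001", "severity": "Critical",
                       "fix": {"state": "fixed", "versions": ["2.4.1"]}},
     "artifact": {"name": "example-parser", "version": "2.3.0"}},
    {"vulnerability": {"id": "EXAMPLE-0002", "severity": "High",
                       "fix": {"state": "fixed", "versions": ["2.5.0"]}},
     "artifact": {"name": "example-parser", "version": "2.3.0"}},
    {"vulnerability": {"id": "EXAMPLE-0003", "severity": "High",
                       "fix": {"state": "not-fixed", "versions": []}},
     "artifact": {"name": "example-tls", "version": "1.0.2"}},
    {"vulnerability": {"id": "EXAMPLE-0004", "severity": "Medium",
                       "fix": {"state": "fixed", "versions": ["0.9.1"]}},
     "artifact": {"name": "example-log", "version": "0.9.0"}},
]})


def triage(report_json, fail_on="high"):
    """Group matches at or above `fail_on` by package, worst severity first."""
    threshold = RANK[fail_on.lower()]
    packages = {}
    for match in json.loads(report_json).get("matches", []):
        vuln, artifact = match["vulnerability"], match["artifact"]
        rank = RANK.get(str(vuln.get("severity", "")).lower(), 0)
        if rank < threshold:
            continue  # below the gate, does not fail the build
        key = (artifact["name"], artifact["version"])
        entry = packages.setdefault(key, {"ids": [], "rank": 0, "fixed_in": set()})
        entry["ids"].append(vuln["id"])
        entry["rank"] = max(entry["rank"], rank)
        entry["fixed_in"].update(vuln.get("fix", {}).get("versions") or [])
    rows = [{"package": name, "version": ver, "ids": sorted(e["ids"]),
             "fixed_in": sorted(e["fixed_in"]), "actionable": bool(e["fixed_in"])}
            for (name, ver), e in sorted(packages.items(), key=lambda kv: -kv[1]["rank"])]
    return (not rows), rows  # passed only when nothing reached the threshold


if __name__ == "__main__":
    passed, rows = triage(SAMPLE_REPORT)
    print("gate passed:", passed)
    for row in rows:
        print(row)
```

Findings with `actionable` set to false have no fixed version yet, so they need a compensating control or a tracked exception rather than an upgrade.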

Container Security

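```dockerfile
# Secure Dockerfile patterns
# Build stage: install production dependencies only
FROM cgr.dev/chainguard/node:latest AS build
WORKDIR /app
COPY package*.json ./
# --omit=dev replaces the deprecated --only=production
RUN npm ci --omit=dev

# Runtime stage: minimal base image, run as a non-root user
FROM cgr.dev/chainguard/node:latest
WORKDIR /app
COPY --from=build /app/node_modules ./node_modules
COPY . .
USER nonroot
CMD ["node", "server.js"]
```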

Scan images:

```bash
trivy image myapp:latest --severity HIGH,CRITICAL
```

Runtime Security (eBPF)

Tetragon for kernel-level enforcement:

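```yaml
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: sensitive-file-access
spec:
  kprobes:
    - call: "fd_install"
      syscall: false          # fd_install is a kernel function, not a syscall
      args:                   # argument types are needed so matchArgs can read the path
        - index: 0
          type: "int"
        - index: 1
          type: "file"
      selectors:
        - matchArgs:
            - index: 1
              operator: "Prefix"
              values: ["/etc/shadow", "/etc/passwd"]
          matchActions:       # actions belong to the selector that matched
            # NotifyEnforcer signals Tetragon's enforcer, configured under spec.enforcers
            - action: NotifyEnforcer
```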

Falco for threat detection:

```yaml
- rule: Shell Spawned in Container
  desc: Detect shell spawned in a container
  condition: >
    spawned_process and container and
    proc.name in (shell_binaries)
  output: >
    Shell spawned in container
    (user=%user.name container=%container.name shell=%proc.name)
  priority: WARNING
```

Compliance Automation

Vanta/Drata Integration:

  • Continuous monitoring of 35+ frameworks
  • Automated evidence collection
  • Risk flagging and remediation tracking

Key Frameworks:

  • SOC 2 Type II
  • ISO 27001
  • HIPAA
  • GDPR
  • PCI DSS

Incident Response Playbook

## Phase 1: Detection & Analysis (MTTD < 5 min)

1. Alert triggered → Acknowledge in SOAR
2. Gather initial IOCs (IPs, hashes, usernames)
3. Determine scope and severity
4. Escalate if P1/P2

## Phase 2: Containment (MTTR < 1 hour)

1. Isolate affected systems
2. Block malicious IPs/domains
3. Disable compromised accounts
4. Preserve evidence (disk images, logs)

## Phase 3: Eradication

1. Remove malware/backdoors
2. Patch vulnerabilities
3. Reset credentials
4. Verify clean state

## Phase 4: Recovery

1. Restore from clean backups
2. Monitor for re-infection
3. Gradual service restoration
4. Validate functionality

## Phase 5: Lessons Learned

1. Timeline reconstruction
2. Root cause analysis
3. Update playbooks
4. Security improvements
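For Phase 1, step 2 of the playbook above (gathering initial IOCs), the following added example, not part of the original skill, pulls IPs, SHA-256 hashes and usernames out of raw log text. The log lines are constructed, the addresses come from documentation ranges, and `extract_iocs` and the internal-range list are assumptions to adapt to your environment.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 and loopback ranges treated as internal (adjust to your address plan).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
USER_RE = re.compile(r"(?:Failed|Accepted) password for (?:invalid user )?(\S+) from")

# Constructed log lines; addresses are from documentation ranges and the
# hash is a made-up value, not a real indicator.
FAKE_HASH = "ab12" * 16
SAMPLE_LOGS = f"""\
Feb 19 03:12:01 web01 sshd[4121]: Failed password for invalid user deploy from 203.0.113.45 port 51122 ssh2
Feb 19 03:12:04 web01 sshd[4121]: Failed password for root from 203.0.113.45 port 51130 ssh2
Feb 19 03:12:09 web01 sshd[4140]: Accepted password for svc-backup from 198.51.100.7 port 40022 ssh2
Feb 19 03:13:30 web01 edr[77]: quarantined /tmp/.x/upd sha256={FAKE_HASH}
Feb 19 03:13:31 web01 app[9]: healthcheck from 10.0.4.12 ok, build 10.300.1.2
"""


def extract_iocs(text):
    """Return deduplicated IOCs; external IPs carry a hit count and are defanged."""
    external, internal = Counter(), set()
    for candidate in IP_RE.findall(text):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:  # looks like an IP but is not, e.g. version 10.300.1.2
            continue
        if any(addr in net for net in INTERNAL):
            internal.add(str(addr))
        else:
            external[str(addr)] += 1
    return {
        "external_ips": [(ip.replace(".", "[.]"), n) for ip, n in external.most_common()],
        "internal_ips": sorted(internal),
        "sha256": sorted({h.lower() for h in SHA256_RE.findall(text)}),
        "usernames": sorted(set(USER_RE.findall(text))),
    }


if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_LOGS).items():
        print(kind, values)
```

The hit count per external address gives a first read on scope for step 3, and the defanged form can be pasted into a ticket without creating a clickable link.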

Penetration Testing Checklist

## Reconnaissance

- [ ] DNS enumeration
- [ ] Subdomain discovery
- [ ] Port scanning
- [ ] Service fingerprinting

## Web Application

- [ ] Authentication bypass
- [ ] Session management
- [ ] Input validation
- [ ] Access control
- [ ] Business logic

## Infrastructure

- [ ] Network segmentation
- [ ] Privilege escalation
- [ ] Lateral movement
- [ ] Data exfiltration paths

Agents

  • security-architect - Threat modeling, secure design, compliance
  • incident-responder - Incident handling, forensics, recovery


Install

Requires askill CLI v1.0+

AI Quality Score

96/100 (analyzed 2/12/2026)

An exceptional security skill document providing a comprehensive, actionable, and well-structured guide to security operations, from threat modeling to incident response.


Metadata

License: unknown
Version: -
Updated: 2/19/2026
Publisher: hyperb1iss

Tags

api, ci-cd, database, llm, observability, security