Security Specialist
Enforce security best practices including authentication, authorization, data protection, and vulnerability prevention.
Quick Reference
- Authentication - User authentication flows
- Authorization - Access control and permissions
- Data Protection - Sensitive data handling
- Vulnerability Checks - Security audits and scanning
When to Use
- Implementing user authentication
- Adding role-based access control
- Handling sensitive data (passwords, API keys)
- Protecting API endpoints
- Storing user information securely
- Implementing session management
- Reviewing code for security issues
Core Methodology
Systematic security through authentication, authorization, data protection, vulnerability prevention, and monitoring.
Key Principles:
- Never trust user input, including headers, cookies, and data arriving from other services
- Validate and sanitize all inputs on the server, preferring allowlists over blocklists
- Use vetted encryption and slow, salted password hashing; never design your own primitives
- Implement proper access control that denies by default
- Monitor for security incidents
- Stay updated on security best practices
Quality Gates:
- All sensitive data encrypted at rest and in transit
- Authentication requires strong passwords (stored only as salted, slow hashes) and MFA
- Authorization checks on every request, enforced server-side
- Input validation on all user data, enforced server-side
- Code and dependencies regularly scanned for known vulnerabilities
- Security events logged and monitored, with alerting on incidents
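A worked example of the authentication gate above: a password policy check, salted scrypt password hashing with constant-time verification, and RFC 6238 TOTP as the MFA factor. This is an added example, not code from this page or from any project it describes; it uses only Node's built-in `node:crypto` module. The minimum length, the banned-password list, the scrypt cost and the function names are assumptions chosen for illustration.

```typescript
// Added example (not the page's own code): authentication primitives behind the
// "strong passwords and MFA" quality gate, using only Node's built-in crypto.
import { scryptSync, randomBytes, timingSafeEqual, createHmac } from "node:crypto";

// Assumed policy values (illustrative, not from the page).
const MIN_PASSWORD_LENGTH = 12;
// Constructed sample of banned passwords; a real deployment checks a breach corpus.
const BANNED_PASSWORDS = new Set(["password1234", "qwertyuiop12", "letmein12345"]);

export function passwordMeetsPolicy(password: string): boolean {
  if (password.length < MIN_PASSWORD_LENGTH) return false;
  return !BANNED_PASSWORDS.has(password.toLowerCase());
}

// scrypt cost (assumed). N must be a power of two; raise maxmem if you raise N.
const SCRYPT_N = 1 << 14;
const SCRYPT_KEYLEN = 32;

// Stored form "scrypt$N$saltHex$hashHex" carries everything needed to verify later,
// so the cost can be raised for new users without breaking old records.
export function hashPassword(password: string): string {
  const salt = randomBytes(16);
  const hash = scryptSync(password, salt, SCRYPT_KEYLEN, { N: SCRYPT_N });
  return `scrypt$${SCRYPT_N}$${salt.toString("hex")}$${hash.toString("hex")}`;
}

export function verifyPassword(password: string, stored: string): boolean {
  const [algo, nStr, saltHex, hashHex] = stored.split("$");
  if (algo !== "scrypt" || !nStr || !saltHex || !hashHex) return false;
  try {
    const expected = Buffer.from(hashHex, "hex");
    const actual = scryptSync(password, Buffer.from(saltHex, "hex"), expected.length, { N: Number(nStr) });
    // timingSafeEqual throws on a length mismatch, so guard the length first;
    // the comparison itself does not leak how many bytes matched.
    return actual.length === expected.length && timingSafeEqual(actual, expected);
  } catch {
    return false; // malformed record (e.g. N not a power of two) never verifies
  }
}

// RFC 6238 TOTP: HMAC-SHA1 over a 30-second counter, truncated to 6 digits.
const TOTP_STEP_SECONDS = 30;
const TOTP_DIGITS = 6;

export function hotp(secret: Buffer, counter: number): string {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = createHmac("sha1", secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f; // dynamic truncation (RFC 4226 5.3)
  const bin =
    ((mac[offset] & 0x7f) << 24) | (mac[offset + 1] << 16) | (mac[offset + 2] << 8) | mac[offset + 3];
  return String(bin % 10 ** TOTP_DIGITS).padStart(TOTP_DIGITS, "0");
}

export function totp(secret: Buffer, nowSeconds: number): string {
  return hotp(secret, Math.floor(nowSeconds / TOTP_STEP_SECONDS));
}

// Accepts the current step and one step either side to absorb clock skew,
// comparing in constant time. Replay protection (rejecting a code already used
// in this window) is left to the session store.
export function verifyTotp(secret: Buffer, code: string, nowSeconds: number): boolean {
  const step = Math.floor(nowSeconds / TOTP_STEP_SECONDS);
  const given = Buffer.from(code);
  for (const delta of [-1, 0, 1]) {
    const expected = Buffer.from(hotp(secret, step + delta));
    if (expected.length === given.length && timingSafeEqual(expected, given)) return true;
  }
  return false;
}
```

The scrypt cost here is deliberately modest so the example runs quickly; production values should be tuned to the server's budget and bumped over time, which is why the parameters travel with the stored hash. The TOTP routine reproduces the RFC 6238 reference vectors for the ASCII secret `12345678901234567890` (for example `287082` at T=59).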
Integration
- architecture-guardian: Security layers properly separated
- typescript-guardian: Type-safe security checks
- qa-engineer: Security test coverage
- tech-stack-specialist: Secure configuration
Best Practices
✓ Never trust user input
✓ Validate all inputs on the server; client-side validation improves usability but is not a security control
✓ Use strong password policies
✓ Implement rate limiting
✓ Encrypt sensitive data at rest and in transit
✓ Use parameterized queries
✓ Log security events
✗ Store passwords in plain text
✗ Skip input validation
✗ Hardcode secrets in code
✗ Ignore security vulnerabilities
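The per-request checks from the list above (rate limiting, deny-by-default authorization, allowlist input validation, and a parameterized query instead of string concatenation) as one small request pipeline. This is an added example, not code from this page or from any project it describes. The role and permission names, the limiter parameters, the username format, the `Principal` shape and all function names are assumptions chosen for illustration, and the query is returned as text plus values rather than executed, so the example runs without a database.

```typescript
// Added example (not the page's own code): the server-side checks a protected
// endpoint runs on every request, written as pure functions so they can be tested.

type Role = "admin" | "editor" | "viewer";
type Permission = "user:read" | "user:write" | "user:delete";

// Assumed role-to-permission map (hypothetical; not from the page).
const ROLE_PERMISSIONS: Record<Role, ReadonlySet<Permission>> = {
  admin: new Set<Permission>(["user:read", "user:write", "user:delete"]),
  editor: new Set<Permission>(["user:read", "user:write"]),
  viewer: new Set<Permission>(["user:read"]),
};

export interface Principal { id: string; roles: Role[]; }

// Deny by default: no principal, or no role granting the permission, means no.
export function authorize(principal: Principal | null, needed: Permission): boolean {
  if (!principal) return false;
  return principal.roles.some((role) => ROLE_PERMISSIONS[role]?.has(needed) ?? false);
}

// Fixed-window limiter keyed by client id; in-memory state is fine for one process,
// a shared store is needed once the service runs on several nodes.
export class RateLimiter {
  private readonly hits = new Map<string, { windowStart: number; count: number }>();
  private readonly limit: number;
  private readonly windowMs: number;
  constructor(limit: number, windowMs: number) { this.limit = limit; this.windowMs = windowMs; }
  allow(clientId: string, nowMs: number): boolean {
    const entry = this.hits.get(clientId);
    if (!entry || nowMs - entry.windowStart >= this.windowMs) {
      this.hits.set(clientId, { windowStart: nowMs, count: 1 });
      return true;
    }
    entry.count += 1;
    return entry.count <= this.limit;
  }
}

// Allowlist validation: accept only what the field is defined to contain (assumed format).
const USERNAME_RE = /^[a-z0-9_]{3,32}$/;
export function validateUsername(input: unknown): string | null {
  return typeof input === "string" && USERNAME_RE.test(input) ? input : null;
}

// Parameterized query: the value travels separately and never enters the SQL text.
export interface ParamQuery { text: string; values: unknown[]; }
export function findUserQuery(username: string): ParamQuery {
  return { text: "SELECT id, username FROM users WHERE username = $1", values: [username] };
}
// The anti-pattern, kept only to show what interpolation does with hostile input.
export function findUserQueryUnsafe(username: string): string {
  return `SELECT id, username FROM users WHERE username = '${username}'`;
}

export type Outcome =
  | { status: 200; query: ParamQuery }
  | { status: 400 | 403 | 429; error: string };

export interface IncomingRequest {
  clientId: string;            // e.g. source address or API key id
  principal: Principal | null; // null when the session is missing or invalid
  body: { username?: unknown }; // untrusted, as parsed from the wire
}

export function handleGetUser(req: IncomingRequest, limiter: RateLimiter, nowMs: number): Outcome {
  if (!limiter.allow(req.clientId, nowMs)) return { status: 429, error: "rate limited" };
  if (!authorize(req.principal, "user:read")) return { status: 403, error: "forbidden" };
  const username = validateUsername(req.body.username);
  if (username === null) return { status: 400, error: "invalid username" };
  return { status: 200, query: findUserQuery(username) };
}
```

Authorization runs before validation so that an unauthenticated caller learns nothing about which inputs the endpoint accepts. Even when validation rejects an injection payload, the parameterized query is what protects the database; validation is defence in depth, not a substitute.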
Content Modules
See detailed modules:
- Authentication - Passwords, tokens, sessions
- Authorization - RBAC, access control
- Data Protection - Encryption, validation, sanitization
- Vulnerability Checks - Scanning, auditing, testing