Audit and update all project documentation to stay in sync with the current development status.
Manage the full software release process, including version bumps, changelogs, Git tags, and GitHub releases.
| name | security-audit |
| description | Perform project-wide security audits. |
When performing a security audit, always follow these steps:

1. **Audit Dependencies**: check for known vulnerabilities in all dependencies (client and server). Use the appropriate tool for the stack (e.g. `cargo audit`, `npm audit`).
2. **Static Analysis**: review code for common web security issues: XSS, CSRF, insecure file upload handling, injection vulnerabilities (SQL, command), and improper authentication/authorization in API endpoints.
3. **WASM & Browser Security**: check that the WASM module does not expose unsafe operations to the host, and that Content Security Policy headers are correctly configured.
4. **File Upload Pipeline**: validate that uploaded sound font files are type-checked, size-limited, stored outside the web root, and never executed on the server.
5. **Report Findings**: document all identified risks, classify them by severity (Critical, High, Medium, Low), and provide specific remediation steps for each.
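As a reference point for the File Upload Pipeline step, here is an added example (not code from the audited project) of a server-side check that covers the content type check, the size limit and the storage location. The 64 MiB limit, the directory paths and all function names are assumptions made for illustration.

```rust
use std::path::{Path, PathBuf};

// Assumed limit: the checklist requires a size limit but does not give a value.
const MAX_UPLOAD_BYTES: usize = 64 * 1024 * 1024;

#[derive(Debug, PartialEq)]
enum UploadError { TooLarge, NotSoundFont, StoreInsideWebRoot }

/// Type check on content, not on the file name or the client-sent MIME type.
/// An SF2 file is a RIFF container with form type "sfbk"; requiring the declared
/// chunk size to match the upload length also rejects truncated files and
/// trailing data (a strictness choice made for this example).
fn is_soundfont(data: &[u8]) -> bool {
    if data.len() < 12 || &data[0..4] != b"RIFF" || &data[8..12] != b"sfbk" {
        return false;
    }
    let declared = u32::from_le_bytes([data[4], data[5], data[6], data[7]]) as usize;
    declared.checked_add(8) == Some(data.len())
}

/// Returns where to store the upload, or why it is rejected. `id` is generated
/// by the server, so no client-supplied name or extension reaches the file system.
/// Both paths are assumed absolute and already canonicalized.
fn plan_upload(data: &[u8], id: u64, store: &Path, web_root: &Path) -> Result<PathBuf, UploadError> {
    if data.len() > MAX_UPLOAD_BYTES { return Err(UploadError::TooLarge); }
    if !is_soundfont(data) { return Err(UploadError::NotSoundFont); }
    if store.starts_with(web_root) { return Err(UploadError::StoreInsideWebRoot); }
    Ok(store.join(format!("{:016x}.sf2", id)))
}

/// Constructed sample: a bare 12-byte RIFF header, not a playable sound font.
fn sample_header(form: &[u8; 4]) -> Vec<u8> {
    let mut v = b"RIFF".to_vec();
    v.extend_from_slice(&4u32.to_le_bytes()); // bytes that follow the size field
    v.extend_from_slice(form);
    v
}

fn main() {
    let (store, web) = (Path::new("/var/lib/app/soundfonts"), Path::new("/srv/app/public"));
    println!("{:?}", plan_upload(&sample_header(b"sfbk"), 0x2a, store, web));
    println!("{:?}", plan_upload(&sample_header(b"WAVE"), 0x2b, store, web));
}
```

During the audit, a handler that trusts the file extension or the `Content-Type` header, or that writes under a directory the web server serves, is a finding for this step.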