igbuend
@igbuend
Public Skills
data-visualization
by igbuend
Data visualization and information design best practices. Use when creating charts, dashboards, graphs, or any visual representation of data.
amsmath
by igbuend
"LaTeX amsmath/amssymb/mathtools packages for mathematical typesetting. Use when helping users write equations, align math, use mathematical symbols, matrices, theorems, or any advanced math formatting."
booktabs
by igbuend
"LaTeX booktabs/tabularx/multirow/longtable packages for professional tables. Use when helping users create well-formatted tables, multi-page tables, or improve table appearance."
biblatex
by igbuend
"LaTeX biblatex/biber packages for modern bibliography management. Use when helping users cite references, manage .bib files, choose citation styles, or troubleshoot bibliography compilation."
hyperref
by igbuend
"LaTeX hyperref package for hyperlinks, cross-references, bookmarks, and PDF metadata. Use when helping users add clickable links, configure PDF properties, or manage cross-references."
graphicx
by igbuend
"LaTeX graphicx package for image inclusion and manipulation. Use when helping users insert images, resize graphics, create figure environments, or work with subfigures."
latex
by igbuend
"Comprehensive LaTeX reference for document creation, formatting, mathematics, tables, figures, bibliographies, and compilation. Use when helping users write, edit, debug, or compile LaTeX documents."
cryptographic-key-management-pattern
by igbuend
Security pattern for managing cryptographic keys throughout their lifecycle. Use when integrating cryptography requiring key generation, storage, distribution, or usage. Provides guidance on key confidentiality, integrity, configuration protection, and key information handling. Foundation for Cryptography as a service and Self-managed cryptography patterns.
data-validation-pattern
by igbuend
Security pattern for input validation and sanitization. Use when implementing input handling, preventing injection attacks (SQL, XSS, command), ensuring data integrity, or processing data from untrusted sources. Addresses "Entity provides unexpected data" problem.
encryption-pattern
by igbuend
Security pattern for implementing encryption and decryption operations. Use when encrypting data for confidentiality, selecting encryption algorithms (AES, RSA), configuring cipher modes (GCM, CBC), choosing key lengths, or implementing symmetric/asymmetric encryption. Specialization of Cryptographic action pattern addressing confidentiality requirements.
log-entity-actions-pattern
by igbuend
Security pattern for implementing security logging and audit trails. Use when designing logging systems for security events, implementing non-repudiation, creating audit trails, or addressing security monitoring and incident response needs. Addresses "Entity repudiates action request" problem.
message-authentication-code-pattern
by igbuend
Security pattern for implementing Message Authentication Codes (MACs) to ensure data integrity and origin authentication. Use when implementing HMAC, CMAC, or other MAC algorithms, verifying message integrity, authenticating message origin with shared secrets, or when non-repudiation is NOT required. Specialization of Cryptographic action pattern.
cryptographic-action-pattern
by igbuend
Base security pattern for integrating cryptographic primitives into software systems. Use when implementing encryption, digital signatures, MACs, or any cryptographic operations. Provides guidance on library selection, key usage, configuration protection, and designing for cryptographic agility. Foundation pattern for Encryption, Digital signature, and MAC patterns.
authentication-pattern
by igbuend
Security pattern for implementing authentication in software systems. Use when designing or reviewing authentication mechanisms, implementing login systems, verifying user identity, protecting system access, or addressing OWASP authentication flaws. Provides guidance on enforcers, verifiers, evidence providers, subject registration, credential management, and security considerations.
authorisation-pattern
by igbuend
Security pattern for implementing access control and authorization. Use when designing permission systems, implementing RBAC/ABAC, preventing unauthorized access, addressing privilege escalation, or ensuring users can only perform allowed actions on permitted resources. Addresses "Entity performs disallowed action" problem.
digital-signature-pattern
by igbuend
Security pattern for implementing digital signatures. Use when implementing document signing, code signing, certificate signing, non-repudiation, or verifying authenticity and integrity of messages using asymmetric cryptography (RSA, ECDSA, Ed25519).
cryptography-as-a-service-pattern
by igbuend
Security pattern for delegating cryptographic operations and key management to an external service. Use when designing systems that should not possess cryptographic keys directly. Implementation of Cryptographic Key Management pattern. Examples include Android Keystore, iOS KeyChain, AWS KMS, Azure Key Vault, Google Cloud KMS. Reduces risk of key leakage and cipher misconfiguration.
encrypted-tunnel-pattern
by igbuend
Security pattern for channel-level encryption (TLS/SSH). Use when implementing HTTPS, securing all communication between endpoints, setting up TLS connections, or when infrastructure should handle encryption transparently. Addresses "Leak action request or data in transit" problem.
limit-request-rate-pattern
by igbuend
Security pattern for implementing rate limiting and throttling. Use when protecting against brute-force attacks, DoS/DDoS mitigation, preventing resource exhaustion, or limiting API abuse. Addresses "Entity absorbs excessive resources" problem.
insecure-defaults-anti-pattern
by igbuend
Security anti-pattern for fail-open defaults (CWE-1188). Use when reviewing code that uses fallback values for secrets, credentials, or security settings. Detects applications that run with weak defaults when configuration is missing.
mass-assignment-anti-pattern
by igbuend
"Security anti-pattern for mass assignment vulnerabilities (CWE-915). Use when generating or reviewing code that creates or updates objects from user input, form handling, or API request processing. Detects uncontrolled property binding enabling privilege escalation."
missing-security-headers-anti-pattern
by igbuend
"Security anti-pattern for missing security headers (CWE-16). Use when generating or reviewing web application code, server configuration, or HTTP response handling. Detects missing CSP, HSTS, X-Frame-Options, and other protective headers."
ldap-injection-anti-pattern
by igbuend
"Security anti-pattern for LDAP injection vulnerabilities (CWE-90). Use when generating or reviewing code that constructs LDAP filters, queries directory services, or handles user input in LDAP operations. Detects unescaped special characters in LDAP filters."
dom-clobbering-anti-pattern
by igbuend
"Security anti-pattern for DOM Clobbering vulnerabilities (CWE-79 variant). Use when generating or reviewing code that accesses DOM elements by ID, uses global variables, or relies on document properties. Detects HTML injection that overwrites JavaScript globals."
gitleaks
by igbuend
Run Gitleaks for hardcoded secrets detection in code and git history. Use when scanning for API keys, passwords, tokens, certificates, or sensitive credentials in source code and commit history.
content-security-policy
by igbuend
Analyze Content-Security-Policy headers for misconfigurations and bypass risks. Use when reviewing CSP from raw strings, URLs, or domains.
hallucinated-packages-anti-pattern
by igbuend
"Security anti-pattern for hallucinated (non-existent) packages (CWE-1357). Use when generating or reviewing AI-assisted code that imports packages, dependencies, or libraries. CRITICAL AI-specific vulnerability with 5-21% hallucination rate. Detects dependency confusion and slopsquatting risks."
log-injection-anti-pattern
by igbuend
"Security anti-pattern for log injection vulnerabilities (CWE-117). Use when generating or reviewing code that writes to log files, handles logging of user input, or processes log data. Detects unsanitized data in log messages enabling log forging and CRLF injection."
application-inspector
by igbuend
Run Microsoft Application Inspector for technology profiling and security feature detection. Use when analyzing technology stack, finding crypto/auth patterns, detecting sensitive API usage, or creating security posture reports.
codeql
by igbuend
Run CodeQL static analysis for security vulnerability detection, taint tracking, and data flow analysis. Use when asked to scan code with CodeQL, write QL queries, perform deep interprocedural analysis, or integrate with GitHub Advanced Security.
integer-overflow-anti-pattern
by igbuend
"Security anti-pattern for integer overflow vulnerabilities (CWE-190). Use when generating or reviewing code that performs arithmetic on user-controlled values, handles sizes/quantities, or calculates prices/amounts. Detects overflow in validated inputs."
command-injection-anti-pattern
by igbuend
"Security anti-pattern for OS Command Injection vulnerabilities (CWE-78). Use when generating or reviewing code that executes shell commands, runs system processes, or handles user input in command-line operations. Detects shell string concatenation and recommends argument arrays."
agent-review
by igbuend
Review AI agent implementations for best practices in architecture, folder structure, design patterns, error handling, and observability. Use when auditing agent codebases or designing new agent systems.
encoding-bypass-anti-pattern
by igbuend
"Security anti-pattern for encoding bypass vulnerabilities (CWE-838). Use when generating or reviewing code that handles URL encoding, Unicode normalization, or character set conversions before security validation. Detects validation before normalization and double-encoding issues."
depscan
by igbuend
Run OWASP Depscan for advanced Software Composition Analysis with VDR, CSAF, and license compliance. Use when scanning dependencies with deep SCA, generating VEX documents, SBOM+VDR analysis, or comprehensive license auditing.
hardcoded-secrets-anti-pattern
by igbuend
"Security anti-pattern for hardcoded credentials and secrets (CWE-798). Use when generating or reviewing code that handles API keys, passwords, database credentials, encryption keys, or any sensitive configuration. Detects embedded secrets and recommends environment variables or secret managers."
length-extension-attacks-anti-pattern
by igbuend
"Security anti-pattern for hash length extension vulnerabilities (CWE-328). Use when generating or reviewing code that uses hash(secret + message) for authentication, API signatures, or integrity verification. Detects Merkle-Damgard hash misuse."
insufficient-randomness-anti-pattern
by igbuend
"Security anti-pattern for insufficient randomness vulnerabilities (CWE-330). Use when generating or reviewing code that creates security tokens, session IDs, encryption keys, nonces, or any security-critical random values. Detects use of Math.random() or predictable seeds."
excessive-data-exposure-anti-pattern
by igbuend
"Security anti-pattern for excessive data exposure (CWE-200). Use when generating or reviewing API responses, database queries, or data serialization. Detects returning more data than necessary including internal fields, sensitive attributes, and related records."
jwt-misuse-anti-pattern
by igbuend
"Security anti-pattern for JWT misuse vulnerabilities (CWE-287). Use when generating or reviewing code that creates, validates, or uses JSON Web Tokens. Detects 'none' algorithm attacks, weak secrets, sensitive data in payloads, and missing expiration."
missing-rate-limiting-anti-pattern
by igbuend
"Security anti-pattern for missing rate limiting (CWE-770). Use when generating or reviewing API endpoints, authentication systems, or public-facing services. Detects absence of request throttling enabling brute force, credential stuffing, and DoS attacks."
debug-mode-production-anti-pattern
by igbuend
"Security anti-pattern for debug mode in production (CWE-215). Use when generating or reviewing code that configures application settings, deployment configurations, or error handling. Detects hardcoded debug flags and development-only features in production."
missing-authentication-anti-pattern
by igbuend
"Security anti-pattern for missing or broken authentication (CWE-287). Use when generating or reviewing code for login systems, API endpoints, protected routes, or access control. Detects unprotected endpoints, weak password policies, and missing rate limiting on authentication."
insecure-temp-files-anti-pattern
by igbuend
"Security anti-pattern for insecure temporary files (CWE-377). Use when generating or reviewing code that creates temporary files, handles file caching, or processes uploads through temp storage. Detects predictable paths, insecure permissions, and missing cleanup."
kics
by igbuend
Run Checkmarx KICS for Infrastructure as Code security scanning. Use when analyzing Terraform, CloudFormation, Kubernetes, Ansible, Dockerfile, or other IaC for misconfigurations and security issues.
mutation-xss-anti-pattern
by igbuend
"Security anti-pattern for mutation XSS (mXSS) vulnerabilities (CWE-79 variant). Use when generating or reviewing code that sanitizes HTML content, handles user-provided markup, or processes rich text. Detects sanitizer bypass through browser parsing mutations."
missing-input-validation-anti-pattern
by igbuend
"Security anti-pattern for missing input validation (CWE-20). Use when generating or reviewing code that processes user input, form data, API parameters, or external data. Detects client-only validation, missing type checks, and absent length limits. Foundation vulnerability enabling most attack classes."
attack-surface-xss
by igbuend
Reconnaissance skill for XSS attack surface — analyzes headers, frameworks, JS libraries, and DOM patterns at a URL to map what makes XSS possible or harder. For ethical hackers preparing for XSS testing.
ethical-hacking-ethics
by igbuend
Legal and ethical guidelines for bug bounties, pentesting, and security research. Use when conducting authorized security testing.
codebase-discovery
by igbuend
Generate security-focused DISCOVERY.md for code review and threat modeling. Use when assessing unfamiliar codebases.