12 KiB
12 KiB
Security Analysis Task
Task Overview
Task Name: Security Analysis Task
Category: Security Assessment
Complexity: High
Estimated Duration: 4-8 hours
Prerequisites: System architecture documentation, codebase access
Task Description
Conduct comprehensive security analysis across multiple technology stacks to identify vulnerabilities, assess security posture, and provide actionable remediation guidance.
Task Objectives
- Vulnerability Assessment: Identify security vulnerabilities across all system components
- Risk Analysis: Assess security risks and their potential business impact
- Compliance Verification: Ensure adherence to security standards and regulations
- Remediation Planning: Provide detailed remediation strategies and implementation guidance
Task Phases
Phase 1: Security Architecture Review (1-2 hours)
Objective: Analyze system architecture for security design patterns and potential weaknesses
Activities:
-
Threat Modeling
- Identify system assets and data flows
- Map potential attack vectors and threat actors
- Create threat model diagrams and documentation
-
Architecture Security Assessment
- Review authentication and authorization mechanisms
- Analyze data protection and encryption strategies
- Evaluate network security and access controls
Deliverables:
- Threat model documentation
- Architecture security assessment report
- Security design recommendations
Phase 2: Code Security Analysis (2-3 hours)
Objective: Perform static and dynamic analysis of application code for security vulnerabilities
Activities:
-
Static Code Analysis
- Automated security scanning using tools (SonarQube, Checkmarx, Semgrep)
- Manual code review for security anti-patterns
- Dependency vulnerability assessment
-
Dynamic Security Testing
- Runtime security testing and vulnerability scanning
- API security testing and validation
- Input validation and sanitization testing
Deliverables:
- Static analysis security report
- Dynamic testing results
- Vulnerability prioritization matrix
Phase 3: Infrastructure Security Assessment (1-2 hours)
Objective: Evaluate infrastructure security configuration and compliance
Activities:
-
Network Security Review
- Firewall configuration analysis
- Network segmentation assessment
- SSL/TLS configuration validation
-
Cloud Security Assessment
- IAM policies and access control review
- Resource configuration security analysis
- Compliance posture assessment
Deliverables:
- Infrastructure security assessment report
- Configuration security recommendations
- Compliance gap analysis
Phase 4: Security Remediation Planning (1 hour)
Objective: Develop comprehensive remediation strategy with prioritized action items
Activities:
-
Risk Prioritization
- Vulnerability severity assessment
- Business impact analysis
- Remediation effort estimation
-
Remediation Strategy Development
- Short-term and long-term remediation plans
- Resource allocation recommendations
- Implementation timeline development
Deliverables:
- Prioritized vulnerability list
- Remediation roadmap
- Implementation guidance documentation
Technology-Specific Security Checks
Frontend Security (React/TypeScript)
// Security Analysis Checklist
const frontendSecurityChecks = {
// XSS Prevention
xssProtection: {
checks: [
'Content Security Policy implementation',
'Input sanitization using DOMPurify',
'Secure innerHTML usage patterns',
'Template injection prevention'
],
tools: ['ESLint security plugin', 'JSHint security rules']
},
// Authentication Security
authSecurity: {
checks: [
'Secure token storage (httpOnly cookies)',
'JWT token validation and expiration',
'Session management security',
'OAuth 2.0 implementation security'
],
implementation: `
// Secure authentication pattern
const useSecureAuth = () => {
const [authState, setAuthState] = useState({
isAuthenticated: false,
user: null
});
const login = async (credentials) => {
try {
const response = await fetch('/api/auth/login', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify(credentials),
credentials: 'include' // Include httpOnly cookies
});
if (response.ok) {
const userData = await response.json();
setAuthState({ isAuthenticated: true, user: userData });
}
} catch (error) {
console.error('Authentication error:', error);
}
};
return { authState, login };
};
`
},
// Data Protection
dataProtection: {
checks: [
'Sensitive data encryption in transit',
'Local storage security patterns',
'Form data validation and sanitization',
'API communication security'
]
}
};
Backend Security (Node.js/Python/.NET)
// Node.js Security Analysis
const backendSecurityChecks = {
// Input Validation
inputValidation: {
checks: [
'SQL injection prevention (parameterized queries)',
'NoSQL injection prevention',
'Command injection prevention',
'Path traversal prevention'
],
example: `
// Secure database query
const getUserById = async (userId) => {
// Use parameterized query to prevent SQL injection
const query = 'SELECT * FROM users WHERE id = $1';
const result = await db.query(query, [userId]);
return result.rows[0];
};
// Input validation middleware
const validateInput = (schema) => (req, res, next) => {
const { error } = schema.validate(req.body);
if (error) {
return res.status(400).json({
error: error.details[0].message
});
}
next();
};
`
},
// Authentication & Authorization
authSecurity: {
checks: [
'JWT token security implementation',
'Password hashing and salting',
'Session management security',
'Role-based access control'
],
example: `
// Secure password hashing
const bcrypt = require('bcrypt');
const saltRounds = 12;
const hashPassword = async (password) => {
return await bcrypt.hash(password, saltRounds);
};
// JWT token verification
const verifyToken = (req, res, next) => {
const token = req.headers.authorization?.split(' ')[1];
if (!token) {
return res.status(401).json({ error: 'Access denied' });
}
try {
const decoded = jwt.verify(token, process.env.JWT_SECRET);
req.user = decoded;
next();
} catch (error) {
res.status(400).json({ error: 'Invalid token' });
}
};
`
},
// Security Headers
securityHeaders: {
checks: [
'Helmet.js security headers implementation',
'CORS configuration security',
'Rate limiting implementation',
'HTTPS enforcement'
]
}
};
Database Security
-- Database Security Analysis
-- 1. Access Control Review
SELECT
user,
host,
authentication_string,
password_expired,
account_locked
FROM mysql.user;
-- 2. Privilege Audit
SHOW GRANTS FOR 'app_user'@'localhost';
-- 3. Encryption Status Check
SHOW VARIABLES LIKE 'have_ssl';
SHOW STATUS LIKE 'Ssl_cipher';
-- 4. Audit Log Configuration
SELECT
variable_name,
variable_value
FROM performance_schema.global_variables
WHERE variable_name LIKE 'audit%';
-- 5. Secure Configuration Validation
SELECT @@sql_mode;
SELECT @@local_infile;
SELECT @@secure_file_priv;
Security Tools Integration
Automated Security Scanning Tools
-
Static Analysis Tools
- SonarQube Security Rules
- Checkmarx SAST
- Semgrep Security Rules
- ESLint Security Plugin
-
Dependency Scanning Tools
- npm audit / yarn audit
- Snyk vulnerability scanning
- OWASP Dependency Check
- GitHub Security Advisories
-
Dynamic Testing Tools
- OWASP ZAP
- Burp Suite
- Nessus vulnerability scanner
- Qualys Web Application Scanning
Security Monitoring Tools
-
SIEM Integration
- Splunk security monitoring
- ELK Stack security analytics
- Azure Sentinel
- AWS CloudTrail analysis
-
Runtime Security
- Application performance monitoring
- Runtime application self-protection (RASP)
- Container security monitoring
- API security monitoring
Compliance Framework Integration
OWASP Top 10 Compliance
-
Injection Vulnerabilities
- SQL injection prevention
- NoSQL injection prevention
- Command injection prevention
- LDAP injection prevention
-
Broken Authentication
- Multi-factor authentication implementation
- Session management security
- Password policy enforcement
- Account lockout mechanisms
-
Sensitive Data Exposure
- Data encryption at rest and in transit
- Secure key management
- Data classification and handling
- Privacy protection measures
Regulatory Compliance
-
GDPR Compliance
- Data protection impact assessments
- Privacy by design implementation
- Data subject rights implementation
- Consent management systems
-
SOC 2 Compliance
- Security control implementation
- Availability and processing integrity
- Confidentiality protection measures
- Privacy protection controls
Quality Assurance Integration
Security Testing Integration
-
Unit Testing
- Security function unit tests
- Input validation testing
- Authentication mechanism testing
- Authorization logic testing
-
Integration Testing
- End-to-end security flow testing
- API security testing
- Cross-component security testing
- Third-party integration security
-
Performance Testing
- Security control performance impact
- Load testing with security measures
- Stress testing security boundaries
- Scalability with security controls
Reporting and Documentation
Security Assessment Report Structure
-
Executive Summary
- Overall security posture assessment
- Critical findings and recommendations
- Risk assessment summary
- Compliance status overview
-
Technical Findings
- Detailed vulnerability descriptions
- Proof of concept demonstrations
- Risk ratings and CVSS scores
- Technical remediation guidance
-
Remediation Roadmap
- Prioritized action items
- Implementation timelines
- Resource requirements
- Success metrics and validation
Continuous Monitoring Dashboard
-
Security Metrics
- Vulnerability trend analysis
- Security control effectiveness
- Incident response metrics
- Compliance posture tracking
-
Risk Indicators
- Security risk heat maps
- Threat intelligence integration
- Predictive risk analytics
- Business impact assessments
Success Criteria
- Vulnerability Detection: 95% of critical vulnerabilities identified
- Risk Assessment Accuracy: 90% accurate risk prioritization
- Remediation Effectiveness: 85% of remediated vulnerabilities stay fixed
- Compliance Achievement: 100% compliance with required standards
- Team Security Awareness: 90% improvement in security knowledge
Integration with BMAD Method
- Orchestrator Integration: Seamless task routing and execution
- Quality Framework: Integration with quality validation processes
- Cross-Persona Collaboration: Coordination with Architect, Developer, and DevOps personas
- Template Integration: Use of security assessment and remediation templates
- Continuous Improvement: Feedback loop for security process optimization