ldy26098
/
BMAD-METHOD
mirror of https://github.com/bmad-code-org/BMAD-METHOD.git
1
0
Fork 0
Code Packages Projects Releases Wiki Activity
BMAD-METHOD/bmad-agent/tasks/security-analysis-task.md

414 lines
12 KiB
Markdown
Raw Blame History

# Security Analysis Task
## Task Overview
**Task Name:** Security Analysis Task
**Category:** Security Assessment
**Complexity:** High
**Estimated Duration:** 4-8 hours
**Prerequisites:** System architecture documentation, codebase access
## Task Description
Conduct comprehensive security analysis across multiple technology stacks to identify vulnerabilities, assess security posture, and provide actionable remediation guidance.
## Task Objectives
1. **Vulnerability Assessment:** Identify security vulnerabilities across all system components
2. **Risk Analysis:** Assess security risks and their potential business impact
3. **Compliance Verification:** Ensure adherence to security standards and regulations
4. **Remediation Planning:** Provide detailed remediation strategies and implementation guidance
## Task Phases
### Phase 1: Security Architecture Review (1-2 hours)
**Objective:** Analyze system architecture for security design patterns and potential weaknesses
**Activities:**
1. **Threat Modeling**
- Identify system assets and data flows
- Map potential attack vectors and threat actors
- Create threat model diagrams and documentation
2. **Architecture Security Assessment**
- Review authentication and authorization mechanisms
- Analyze data protection and encryption strategies
- Evaluate network security and access controls
**Deliverables:**
- Threat model documentation
- Architecture security assessment report
- Security design recommendations
### Phase 2: Code Security Analysis (2-3 hours)
**Objective:** Perform static and dynamic analysis of application code for security vulnerabilities
**Activities:**
1. **Static Code Analysis**
- Automated security scanning using tools (SonarQube, Checkmarx, Semgrep)
- Manual code review for security anti-patterns
- Dependency vulnerability assessment
2. **Dynamic Security Testing**
- Runtime security testing and vulnerability scanning
- API security testing and validation
- Input validation and sanitization testing
**Deliverables:**
- Static analysis security report
- Dynamic testing results
- Vulnerability prioritization matrix
### Phase 3: Infrastructure Security Assessment (1-2 hours)
**Objective:** Evaluate infrastructure security configuration and compliance
**Activities:**
1. **Network Security Review**
- Firewall configuration analysis
- Network segmentation assessment
- SSL/TLS configuration validation
2. **Cloud Security Assessment**
- IAM policies and access control review
- Resource configuration security analysis
- Compliance posture assessment
**Deliverables:**
- Infrastructure security assessment report
- Configuration security recommendations
- Compliance gap analysis
### Phase 4: Security Remediation Planning (1 hour)
**Objective:** Develop comprehensive remediation strategy with prioritized action items
**Activities:**
1. **Risk Prioritization**
- Vulnerability severity assessment
- Business impact analysis
- Remediation effort estimation
2. **Remediation Strategy Development**
- Short-term and long-term remediation plans
- Resource allocation recommendations
- Implementation timeline development
**Deliverables:**
- Prioritized vulnerability list
- Remediation roadmap
- Implementation guidance documentation
## Technology-Specific Security Checks
### Frontend Security (React/TypeScript)
```typescript
// Security Analysis Checklist
const frontendSecurityChecks = {
// XSS Prevention
xssProtection: {
checks: [
'Content Security Policy implementation',
'Input sanitization using DOMPurify',
'Secure innerHTML usage patterns',
'Template injection prevention'
],
tools: ['ESLint security plugin', 'JSHint security rules']
},
// Authentication Security
authSecurity: {
checks: [
'Secure token storage (httpOnly cookies)',
'JWT token validation and expiration',
'Session management security',
'OAuth 2.0 implementation security'
],
implementation: `
// Secure authentication pattern
const useSecureAuth = () => {
const [authState, setAuthState] = useState({
isAuthenticated: false,
user: null
});
const login = async (credentials) => {
try {
const response = await fetch('/api/auth/login', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify(credentials),
credentials: 'include' // Include httpOnly cookies
});
if (response.ok) {
const userData = await response.json();
setAuthState({ isAuthenticated: true, user: userData });
}
} catch (error) {
console.error('Authentication error:', error);
}
};
return { authState, login };
};
`
},
// Data Protection
dataProtection: {
checks: [
'Sensitive data encryption in transit',
'Local storage security patterns',
'Form data validation and sanitization',
'API communication security'
]
}
};
```
### Backend Security (Node.js/Python/.NET)
```javascript
// Node.js Security Analysis
const backendSecurityChecks = {
// Input Validation
inputValidation: {
checks: [
'SQL injection prevention (parameterized queries)',
'NoSQL injection prevention',
'Command injection prevention',
'Path traversal prevention'
],
example: `
// Secure database query
const getUserById = async (userId) => {
// Use parameterized query to prevent SQL injection
const query = 'SELECT * FROM users WHERE id = $1';
const result = await db.query(query, [userId]);
return result.rows[0];
};
// Input validation middleware
const validateInput = (schema) => (req, res, next) => {
const { error } = schema.validate(req.body);
if (error) {
return res.status(400).json({
error: error.details[0].message
});
}
next();
};
`
},
// Authentication & Authorization
authSecurity: {
checks: [
'JWT token security implementation',
'Password hashing and salting',
'Session management security',
'Role-based access control'
],
example: `
// Secure password hashing
const bcrypt = require('bcrypt');
const saltRounds = 12;
const hashPassword = async (password) => {
return await bcrypt.hash(password, saltRounds);
};
// JWT token verification
const verifyToken = (req, res, next) => {
const token = req.headers.authorization?.split(' ')[1];
if (!token) {
return res.status(401).json({ error: 'Access denied' });
}
try {
const decoded = jwt.verify(token, process.env.JWT_SECRET);
req.user = decoded;
next();
} catch (error) {
res.status(400).json({ error: 'Invalid token' });
}
};
`
},
// Security Headers
securityHeaders: {
checks: [
'Helmet.js security headers implementation',
'CORS configuration security',
'Rate limiting implementation',
'HTTPS enforcement'
]
}
};
```
### Database Security
```sql
-- Database Security Analysis
-- 1. Access Control Review
SELECT
user,
host,
authentication_string,
password_expired,
account_locked
FROM mysql.user;
-- 2. Privilege Audit
SHOW GRANTS FOR 'app_user'@'localhost';
-- 3. Encryption Status Check
SHOW VARIABLES LIKE 'have_ssl';
SHOW STATUS LIKE 'Ssl_cipher';
-- 4. Audit Log Configuration
SELECT
variable_name,
variable_value
FROM performance_schema.global_variables
WHERE variable_name LIKE 'audit%';
-- 5. Secure Configuration Validation
SELECT @@sql_mode;
SELECT @@local_infile;
SELECT @@secure_file_priv;
```
## Security Tools Integration
### Automated Security Scanning Tools
1. **Static Analysis Tools**
- SonarQube Security Rules
- Checkmarx SAST
- Semgrep Security Rules
- ESLint Security Plugin
2. **Dependency Scanning Tools**
- npm audit / yarn audit
- Snyk vulnerability scanning
- OWASP Dependency Check
- GitHub Security Advisories
3. **Dynamic Testing Tools**
- OWASP ZAP
- Burp Suite
- Nessus vulnerability scanner
- Qualys Web Application Scanning
### Security Monitoring Tools
1. **SIEM Integration**
- Splunk security monitoring
- ELK Stack security analytics
- Azure Sentinel
- AWS CloudTrail analysis
2. **Runtime Security**
- Application performance monitoring
- Runtime application self-protection (RASP)
- Container security monitoring
- API security monitoring
## Compliance Framework Integration
### OWASP Top 10 Compliance
1. **Injection Vulnerabilities**
- SQL injection prevention
- NoSQL injection prevention
- Command injection prevention
- LDAP injection prevention
2. **Broken Authentication**
- Multi-factor authentication implementation
- Session management security
- Password policy enforcement
- Account lockout mechanisms
3. **Sensitive Data Exposure**
- Data encryption at rest and in transit
- Secure key management
- Data classification and handling
- Privacy protection measures
### Regulatory Compliance
1. **GDPR Compliance**
- Data protection impact assessments
- Privacy by design implementation
- Data subject rights implementation
- Consent management systems
2. **SOC 2 Compliance**
- Security control implementation
- Availability and processing integrity
- Confidentiality protection measures
- Privacy protection controls
## Quality Assurance Integration
### Security Testing Integration
1. **Unit Testing**
- Security function unit tests
- Input validation testing
- Authentication mechanism testing
- Authorization logic testing
2. **Integration Testing**
- End-to-end security flow testing
- API security testing
- Cross-component security testing
- Third-party integration security
3. **Performance Testing**
- Security control performance impact
- Load testing with security measures
- Stress testing security boundaries
- Scalability with security controls
## Reporting and Documentation
### Security Assessment Report Structure
1. **Executive Summary**
- Overall security posture assessment
- Critical findings and recommendations
- Risk assessment summary
- Compliance status overview
2. **Technical Findings**
- Detailed vulnerability descriptions
- Proof of concept demonstrations
- Risk ratings and CVSS scores
- Technical remediation guidance
3. **Remediation Roadmap**
- Prioritized action items
- Implementation timelines
- Resource requirements
- Success metrics and validation
### Continuous Monitoring Dashboard
1. **Security Metrics**
- Vulnerability trend analysis
- Security control effectiveness
- Incident response metrics
- Compliance posture tracking
2. **Risk Indicators**
- Security risk heat maps
- Threat intelligence integration
- Predictive risk analytics
- Business impact assessments
## Success Criteria
- **Vulnerability Detection:** 95% of critical vulnerabilities identified
- **Risk Assessment Accuracy:** 90% accurate risk prioritization
- **Remediation Effectiveness:** 85% of remediated vulnerabilities stay fixed
- **Compliance Achievement:** 100% compliance with required standards
- **Team Security Awareness:** 90% improvement in security knowledge
## Integration with BMAD Method
- **Orchestrator Integration:** Seamless task routing and execution
- **Quality Framework:** Integration with quality validation processes
- **Cross-Persona Collaboration:** Coordination with Architect, Developer, and DevOps personas
- **Template Integration:** Use of security assessment and remediation templates
- **Continuous Improvement:** Feedback loop for security process optimization
View Git Blame Copy Permalink