Security & Testing Habilidades de Claude

Vitest 3 Master & Best Practices

Optimizes test suites with expert guidance on Vitest 3.x features, including the Annotation API, enhanced mocking, and workspace configurations.

Git Security 2025

Enforces modern Git security protocols including signed commits, zero-trust workflows, and proactive secret scanning.

Microsoft Defender for DevOps Integration

Integrates comprehensive security scanning into Azure Pipelines using Microsoft Defender for Cloud to automate vulnerability detection.

GitHub AI & Security Workflows 2025

Implements high-velocity trunk-based development and AI-driven security scanning for modern GitHub repositories.

Vibe Coder QA

Automates the UI testing workflow by using screenshots and Claude Vision to identify layout issues and visual bugs without writing test code.

Vision QA Workflow

Automates visual quality assurance by capturing and analyzing screenshots across web and mobile platforms using Claude's vision capabilities.

Security Testing Patterns

Implements comprehensive security testing strategies including SAST, DAST, and vulnerability assessments to secure applications throughout the development lifecycle.

AppSec Smart Security Orchestrator

Automatically detects project tech stacks and executes a comprehensive parallel security analysis using relevant scanners and AI subagents.

Regulatory Compliance & Privacy Auditor

Analyzes source code for privacy regulation violations including GDPR, CCPA, and HIPAA non-compliance.

AppSec Glossary

Provides instant definitions and framework mappings for application security terms and vulnerability classes.

Secrets Detection & Security Scanning

Identifies and remediates hardcoded credentials, API keys, and sensitive tokens across source code and git history.

Business Logic Security Auditor

Analyzes application workflows and business rules to identify logic-based security vulnerabilities that automated scanners often miss.

Denial of Service (DoS) Analysis

Scans source code to identify and mitigate vulnerabilities that could lead to service disruptions or resource exhaustion.

AppSec Plan Reviewer

Analyzes implementation plans and architecture designs to identify security vulnerabilities before a single line of code is written.

PASTA Risk & Impact Analysis

Calculates business-weighted risk scores and generates prioritized remediation roadmaps for the PASTA threat modeling framework.

Privacy Unawareness Analysis

Identifies and audits source code for privacy threats related to undisclosed data collection, missing consent mechanisms, and transparency gaps.

Injection Security Analysis

Audits source code for SQL, NoSQL, and command injection vulnerabilities to align with OWASP Top 10 security standards.

Data Flow Security Mapper

Traces application data from input sources to storage sinks to identify security vulnerabilities and trust boundary violations.

Systematic Debugging

Enforces a rigorous, four-phase methodology to identify root causes and implement reliable fixes for software bugs.

Race Condition Security Auditor

Analyzes source code to detect and remediate complex concurrency vulnerabilities like TOCTOU, double-spend bugs, and non-atomic operations.

Golang Mockery Generator

Automates the creation and management of Golang interface mocks using mockery and go:generate to ensure consistent unit testing.

PASTA Attack Simulator

Simulates realistic exploit chains and scores vulnerability exploitability using the PASTA threat modeling framework.

Identifiability Analysis

Analyzes source code and data structures to detect PII exposure and re-identification risks in anonymized datasets.

Privilege Escalation Security Auditor

Identifies authorization vulnerabilities and privilege escalation paths within your source code using the STRIDE threat modeling framework.

Verification Before Completion

Enforces rigorous verification and evidence-based reporting before any task or code change is marked as complete.

Agent Skill Evaluator

Performs comprehensive security and safety assessments of agent skills and MCP servers to identify prompt injection risks, malicious code, and data exfiltration attempts.

Personal Data Disclosure Auditor

Audits source code to identify and mitigate unauthorized personal data (PII) exposure in logs, APIs, and third-party integrations.

PASTA Stage 2: Technical Scope Mapping

Maps application attack surfaces and technical boundaries to create comprehensive data flow diagrams for threat modeling.

Serverless Security Audit

Analyzes serverless applications for security vulnerabilities including overprivileged IAM policies, event injection, and insecure configuration.

PASTA Vulnerability Analysis

Identifies security weaknesses and maps vulnerabilities to CWE identifiers using the PASTA threat modeling methodology.