安全性

Perform comprehensive code reviews with best practices, security checks, and constructive feedback. Use when reviewing pull requests, analyzing code quality, checking for security vulnerabilities, or providing code improvement suggestions.

Implement Zero Trust security model with identity verification, microsegmentation, least privilege access, and continuous monitoring. Use when building secure cloud-native applications.

Structured workflow for infrastructure security audits including compliancevalidation, vulnerability assessment, and security posture review.

Implement secure session management systems with JWT tokens, session storage, token refresh, logout handling, and CSRF protection. Use when managing user authentication state, handling token lifecycle, and securing sessions.

Develop production-grade Django applications with models, views, ORM queries, authentication, and admin interfaces. Use when building web applications, managing databases with Django ORM, and implementing authentication systems.

Configure Nginx web server for high-performance reverse proxy, load balancing, SSL/TLS, caching, and API gateway functionality.

Manage project dependencies across languages including npm install, package versioning, dependency conflicts, security scanning, and lock files. Use when dealing with dependencies, version pinning, semantic versioning, or resolving conflicts.

Manage SSL/TLS certificates with automated provisioning, renewal, and monitoring using Let's Encrypt, ACM, or Vault.

Implement automated secrets rotation for API keys, credentials, certificates, and encryption keys. Use when managing secrets lifecycle, compliance requirements, or security hardening.

Create optimized Docker containers with multi-stage builds, security best practices, and minimal image sizes. Use when containerizing applications, creating Dockerfiles, optimizing container images, or setting up Docker Compose services.

Build enterprise Spring Boot applications with annotations, dependency injection, data persistence, REST controllers, and security. Use when developing Spring applications, managing beans, implementing services, and configuring Spring Boot projects.

Launch and configure EC2 instances with security groups, IAM roles, key pairs, AMIs, and auto-scaling. Use for virtual servers and managed infrastructure.

Implement secure file upload handling with validation, virus scanning, storage management, and serving files efficiently. Use when building file upload features, managing file storage, and implementing file download systems.

Create and execute incident response procedures for security breaches, data leaks, and cyber attacks. Use when handling security incidents, creating response playbooks, or conducting forensic analysis.

Work with modern cryptographic primitives including AES, RSA, elliptic curves, and key derivation functions. Use this skill when implementing or breaking modern encryption schemes in CTF challenges.

Apply cryptanalysis techniques to break ciphers without knowing the key. Use this skill when performing known-plaintext attacks, chosen-plaintext attacks, or statistical analysis to recover encryption keys.

Handle API authentication. Use for Bearer tokens, API keys, OAuth, or Basic auth in requests.

UEFI Secure Boot configuration and key management. Use when signing boot loaders, managing Secure Boot keys, or creating UEFI-compatible bootable media with signature verification.

Guide for SELinux (Security-Enhanced Linux) security framework. Use when configuring mandatory access controls, troubleshooting permission denials, creating custom policies, or managing security contexts. Covers modes, contexts, booleans, and policy management.

Make HTTP requests to REST APIs with authentication, handle responses, and manage pagination. Use when connecting to external APIs, fetching data from CRM systems, syncing records between services, or implementing OAuth/API key authentication flows.