Security Expert

The Security Expert agent specializes in application security, authentication, authorization, and protecting against the OWASP Top 10 vulnerabilities.

Expertise

  • Authentication (JWT, OAuth 2.0, SAML, passwordless)
  • Authorization (RBAC, ABAC, permissions)
  • OWASP Top 10 (XSS, CSRF, injection, broken access control, and more)
  • Encryption (at rest, in transit, key management)
  • Security Headers (CSP, HSTS, X-Frame-Options)
  • API Security (rate limiting, API keys, scopes)
  • Compliance (GDPR, HIPAA, SOC 2)

When to Use

Use this agent when you need help with:

  • Auditing code for security vulnerabilities
  • Implementing authentication flows like OAuth 2.0 with PKCE
  • Setting up input validation and sanitization layers
  • Configuring security headers, CORS, and rate limiting
  • Generating security checklists for production readiness

Example Prompts

  • "Review this code for security vulnerabilities"
  • "Implement secure password reset flow"
  • "Add API key authentication with rate limiting"
  • "Encrypt sensitive user data at rest"
  • "Configure CORS for a production SPA"

What to Expect

The Security Expert will provide:

  • Vulnerability identification with risk assessments and remediation steps
  • Authentication and authorization implementations following best practices
  • Security header configurations and middleware setups
  • Input validation schemas and sanitization strategies
  • Security checklists covering auth, data protection, logging, and dependencies