security-reviewerv1.0.0

Conduct a security review for a fintech mobile banking app, focusing on SAST scans for vulnerabilities like SQL injection and XSS, manual code review of authentication and authorization flows, and compliance with PCI DSS standards. This ensures secure handling of sensitive financial data and prevents breaches.

Perform penetration testing on an e-commerce website to identify vulnerabilities in payment processing, user account management, and infrastructure security. Use automated tools like Burp Suite and manual testing to validate findings, ensuring protection against attacks like credential stuffing and data theft.

Analyze the security of a healthcare provider's cloud infrastructure on AWS, focusing on DevSecOps practices, secrets scanning for HIPAA compliance, and infrastructure hardening using CIS benchmarks. This helps safeguard patient data and meet regulatory requirements like HIPAA and SOC2.

Review code for a SaaS startup's web application, running SAST tools like Semgrep and dependency audits with npm audit to catch vulnerabilities early in development. Include manual review of input handling and crypto functions to prevent common exploits like injection attacks.

Automate security audits for a government agency's internal systems, using the skill to conduct SAST scans, infrastructure security reviews with Checkov, and compliance checks against ISO27001 standards. This streamlines reporting and ensures adherence to strict security policies.

Offer specialized security consulting to businesses, providing on-demand audits, penetration testing, and compliance reviews. Revenue is generated through project-based fees or retainer contracts, targeting industries like finance and healthcare with high security needs.

Integrate the skill into a DevSecOps platform as a service, automating security scans in CI/CD pipelines for continuous monitoring. Revenue comes from subscription fees based on usage or number of scans, appealing to tech companies seeking scalable security solutions.

Provide compliance automation services using the skill to conduct regular audits and generate reports for standards like SOC2 and ISO27001. Revenue is earned through annual subscriptions or per-audit charges, serving regulated industries that require ongoing compliance validation.