This directory contains workflows for security review and vulnerability remediation.

┌─────────────────────────┐      ┌────────────────────┐
│  01-security-review.md  │ ───▶ │  02-security-fix.md │
│  (Identify issues)      │      │  (Fix issues)       │
└─────────────────────────┘      └────────────────────┘
         │                                │
         ▼                                ▼
   plans/security-review-*.md    Updated code + troubleshooting entry

Do you need to find security vulnerabilities?

• Yes → Use 01-security-review.md

Do you have a security review report with issues to fix?

• Yes → Use 02-security-fix.md

Both workflows cover OWASP Top 10 and common vulnerability categories:

• Authentication and session management
• Authorization and access control
• Input validation and injection risks (SQL, XSS, command injection)
• Sensitive data exposure
• Dependency vulnerabilities
• Cryptographic issues
• Security misconfigurations
• API security

• Security review reports: plans/security-review-YYYY-MM-DD-HH-MM.md
• Security fix documentation: troubleshooting/security/ + changelog

• Code Review - General review (includes some security)
• Bug Fix - For non-security bugs
• Execution - For implementing security fixes

• Security patch in deployment: ../07-deployment/09-react-bug.md - React/Next.js RCE patch example