{"id":"2b3ed33a-b237-4c99-9d73-8bc81e15e0c4","shortId":"Yry8ra","kind":"skill","title":"magento-security-analyst","tagline":"Conducts comprehensive Magento 2 security assessments and implements security measures. Use when auditing security, identifying vulnerabilities, implementing security controls, or ensuring compliance. Masters security auditing, vulnerability management, and compliance frameworks.","description":"# Magento 2 Security Analyst\n\nExpert specialist in conducting comprehensive security assessments and implementing robust security measures to protect e-commerce applications against threats while ensuring compliance with industry standards and regulations.\n\n## When to Use\n\n- Conducting security audits\n- Identifying vulnerabilities\n- Implementing security controls\n- Ensuring compliance (PCI DSS, GDPR)\n- Responding to security incidents\n- Hardening Magento installations\n\n## Security Assessment\n\n### Vulnerability Assessment\n- **Code Security Review**: Static and dynamic security code analysis\n- **Configuration Auditing**: Security configuration assessment and hardening\n- **Penetration Testing**: Systematic penetration testing and security validation\n- **Dependency Scanning**: Scan for vulnerable third-party dependencies\n- **Compliance Assessment**: PCI DSS, GDPR, and regulatory compliance evaluation\n\n### Threat Management\n- **Threat Modeling**: Systematic threat identification and risk assessment\n- **Attack Vector Analysis**: Analysis of potential attack vectors and exploitation paths\n- **Incident Response**: Security incident detection, response, and recovery\n- **Forensic Analysis**: Digital forensics and security incident investigation\n- **Threat Intelligence**: Integration of threat intelligence and security monitoring\n\n## Security Domains\n\n### Application Security\n- **Input Validation**: Comprehensive input validation and sanitization\n- **Output Encoding**: Proper output encoding and XSS prevention\n- **SQL Injection Prevention**: Parameterized queries and database security\n- **Authentication Security**: Secure authentication and session management\n- **Authorization Controls**: Proper access control and privilege management\n\n### Infrastructure Security\n- **Server Hardening**: Operating system and server security hardening\n- **Network Security**: Firewall configuration and network segmentation\n- **SSL/TLS Configuration**: Secure communication and certificate management\n- **Database Security**: Database access control and encryption\n- **File System Security**: File permissions and directory protection\n\n### Data Security\n- **Data Encryption**: Encryption at rest and in transit\n- **PII Protection**: Personal information protection and privacy\n- **Payment Security**: PCI DSS compliance and payment data protection\n- **Data Loss Prevention**: DLP implementation and data leakage prevention\n- **Backup Security**: Secure backup and disaster recovery procedures\n\n### E-commerce Security\n- **Payment Processing**: Secure payment gateway integration\n- **Customer Data Protection**: Customer information security and privacy\n- **Fraud Prevention**: Fraud detection and prevention systems\n- **Admin Security**: Administrative interface security hardening\n- **API Security**: REST and GraphQL API security implementation\n\n## Security Implementation\n\n### Secure Development\n- **Secure Coding Standards**: Implementation of secure coding practices\n- **Security Code Review**: Regular security-focused code reviews\n- **Vulnerability Testing**: Integration of security testing in development\n- **Security Training**: Developer security awareness and training\n- **Threat Modeling**: Integration of threat modeling in development\n\n### Access Management\n- **Principle of Least Privilege**: Minimal access rights implementation\n- **Multi-factor Authentication**: Strong authentication mechanisms\n- **Password Policies**: Strong password and credential management\n- **Session Management**: Secure session handling and timeout\n- **Account Monitoring**: User account monitoring and anomaly detection\n\n### Security Operations\n- **Continuous Monitoring**: 24/7 security monitoring and alerting\n- **Patch Management**: Systematic security patch management\n- **Vulnerability Management**: Ongoing vulnerability assessment and remediation\n- **Security Metrics**: Security KPI tracking and reporting\n- **Security Awareness**: Ongoing security awareness and training\n\n## Compliance & Regulatory\n\n### PCI DSS Compliance\n- **Cardholder Data Protection**: Secure handling of payment card data\n- **Network Security**: PCI-compliant network security implementation\n- **Access Control**: Strict access control for cardholder data\n- **Monitoring and Testing**: Continuous monitoring and security testing\n- **Information Security Policy**: PCI-compliant security policy development\n\n### GDPR Compliance\n- **Data Protection**: Personal data protection and privacy rights\n- **Consent Management**: Lawful basis and consent management\n- **Data Subject Rights**: Implementation of data subject rights\n- **Privacy by Design**: Privacy-focused system design and implementation\n- **Breach Notification**: Data breach detection and notification procedures\n\n## Security Best Practices\n\n### Code Security\n- **Input Validation**: Validate and sanitize all user input\n- **Output Escaping**: Escape all output in templates\n- **SQL Injection Prevention**: Use parameterized queries\n- **XSS Prevention**: Implement proper output encoding\n- **CSRF Protection**: Implement form key validation\n\n### Configuration Security\n- **Admin Path**: Change default admin path\n- **Secret Keys**: Use strong secret keys\n- **File Permissions**: Set proper file and directory permissions\n- **Error Reporting**: Disable error reporting in production\n- **Debug Mode**: Disable debug mode in production\n\n### Security Tools\n```bash\n# Security scan\nbin/magento security:scan\n\n# Check for security patches\ncomposer show magento/product-community-edition\n\n# Update security patches\ncomposer update magento/product-community-edition\n```\n\n## Incident Response\n\n### Incident Detection\n- **Automated Detection**: Automated and manual incident detection\n- **Response Procedures**: Structured incident response procedures\n- **Forensic Investigation**: Digital forensics and evidence collection\n- **Containment Strategies**: Incident containment and damage limitation\n- **Recovery Planning**: System recovery and business continuity\n\n## References\n\n- [Adobe Commerce Security](https://developer.adobe.com/commerce/php/development/security/)\n- [Security Best Practices](https://developer.adobe.com/commerce/php/best-practices/security/)\n- [PCI DSS Compliance](https://www.pcisecuritystandards.org/)\n\nFocus on creating comprehensive security solutions that protect against current threats while building resilient security architectures.","tags":["magento","security","analyst","magento2","agent","skills","maxnorm","agent-skills"],"capabilities":["skill","source-maxnorm","skill-magento-security-analyst","topic-agent-skills","topic-magento2"],"categories":["magento2-agent-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/maxnorm/magento2-agent-skills/magento-security-analyst","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add maxnorm/magento2-agent-skills","source_repo":"https://github.com/maxnorm/magento2-agent-skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 9 github stars · SKILL.md body (6,391 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:08:50.486Z","embedding":null,"createdAt":"2026-05-07T20:44:07.659Z","updatedAt":"2026-05-18T19:08:50.486Z","lastSeenAt":"2026-05-18T19:08:50.486Z","tsv":"'/)':705 '/commerce/php/best-practices/security/)':699 '/commerce/php/development/security/)':693 '2':8,36 '24/7':432 'access':219,251,389,396,486,489 'account':420,423 'admin':331,594,598 'administr':333 'adob':688 'alert':436 'analysi':102,148,149,166 'analyst':4,38 'anomali':426 'api':337,342 'applic':56,184 'architectur':721 'assess':10,45,91,93,107,128,145,447 'attack':146,152 'audit':17,29,72,104 'authent':209,212,402,404 'author':216 'autom':653,655 'awar':378,458,461 'backup':298,301 'bash':630 'basi':524 'best':555,695 'bin/magento':633 'breach':546,549 'build':718 'busi':685 'card':476 'cardhold':469,492 'certif':246 'chang':596 'check':636 'code':94,101,350,355,358,364,557 'collect':672 'commerc':55,308,689 'communic':244 'complianc':26,33,61,79,127,134,284,464,468,512,702 'compliant':482,507 'compos':640,646 'comprehens':6,43,188,709 'conduct':5,42,70 'configur':103,106,237,242,592 'consent':521,526 'contain':673,676 'continu':430,497,686 'control':23,77,217,220,252,487,490 'creat':708 'credenti':411 'csrf':586 'current':715 'custom':316,319 'damag':678 'data':263,265,287,289,295,317,470,477,493,513,516,528,533,548 'databas':207,248,250 'debug':621,624 'default':597 'depend':118,126 'design':538,543 'detect':161,327,427,550,652,654,659 'develop':348,373,376,388,510 'developer.adobe.com':692,698 'developer.adobe.com/commerce/php/best-practices/security/)':697 'developer.adobe.com/commerce/php/development/security/)':691 'digit':167,668 'directori':261,612 'disabl':616,623 'disast':303 'dlp':292 'domain':183 'dss':81,130,283,467,701 'dynam':99 'e':54,307 'e-commerc':53,306 'encod':194,197,585 'encrypt':254,266,267 'ensur':25,60,78 'error':614,617 'escap':568,569 'evalu':135 'evid':671 'expert':39 'exploit':155 'factor':401 'file':255,258,606,610 'firewal':236 'focus':363,541,706 'forens':165,168,666,669 'form':589 'framework':34 'fraud':324,326 'gateway':314 'gdpr':82,131,511 'graphql':341 'handl':417,473 'harden':87,109,227,233,336 'identif':142 'identifi':19,73 'implement':12,21,47,75,293,344,346,352,398,485,531,545,582,588 'incid':86,157,160,171,649,651,658,663,675 'industri':63 'inform':276,320,502 'infrastructur':224 'inject':202,575 'input':186,189,559,566 'instal':89 'integr':175,315,368,383 'intellig':174,178 'interfac':334 'investig':172,667 'key':590,601,605 'kpi':453 'law':523 'leakag':296 'least':393 'limit':679 'loss':290 'magento':2,7,35,88 'magento-security-analyst':1 'magento/product-community-edition':642,648 'manag':31,137,215,223,247,390,412,414,438,442,444,522,527 'manual':657 'master':27 'measur':14,50 'mechan':405 'metric':451 'minim':395 'mode':622,625 'model':139,382,386 'monitor':181,421,424,431,434,494,498 'multi':400 'multi-factor':399 'network':234,239,478,483 'notif':547,552 'ongo':445,459 'oper':228,429 'output':193,196,567,571,584 'parameter':204,578 'parti':125 'password':406,409 'patch':437,441,639,645 'path':156,595,599 'payment':280,286,310,313,475 'pci':80,129,282,466,481,506,700 'pci-compli':480,505 'penetr':110,113 'permiss':259,607,613 'person':275,515 'pii':273 'plan':681 'polici':407,504,509 'potenti':151 'practic':356,556,696 'prevent':200,203,291,297,325,329,576,581 'principl':391 'privaci':279,323,519,536,540 'privacy-focus':539 'privileg':222,394 'procedur':305,553,661,665 'process':311 'product':620,627 'proper':195,218,583,609 'protect':52,262,274,277,288,318,471,514,517,587,713 'queri':205,579 'recoveri':164,304,680,683 'refer':687 'regul':66 'regular':360 'regulatori':133,465 'remedi':449 'report':456,615,618 'resili':719 'respond':83 'respons':158,162,650,660,664 'rest':269,339 'review':96,359,365 'right':397,520,530,535 'risk':144 'robust':48 'sanit':192,563 'scan':119,120,632,635 'secret':600,604 'secur':3,9,13,18,22,28,37,44,49,71,76,85,90,95,100,105,116,159,170,180,182,185,208,210,211,225,232,235,243,249,257,264,281,299,300,309,312,321,332,335,338,343,345,347,349,354,357,362,370,374,377,415,428,433,440,450,452,457,460,472,479,484,500,503,508,554,558,593,628,631,634,638,644,690,694,710,720 'security-focus':361 'segment':240 'server':226,231 'session':214,413,416 'set':608 'show':641 'skill' 'skill-magento-security-analyst' 'solut':711 'source-maxnorm' 'specialist':40 'sql':201,574 'ssl/tls':241 'standard':64,351 'static':97 'strategi':674 'strict':488 'strong':403,408,603 'structur':662 'subject':529,534 'system':229,256,330,542,682 'systemat':112,140,439 'templat':573 'test':111,114,367,371,496,501 'third':124 'third-parti':123 'threat':58,136,138,141,173,177,381,385,716 'timeout':419 'tool':629 'topic-agent-skills' 'topic-magento2' 'track':454 'train':375,380,463 'transit':272 'updat':643,647 'use':15,69,577,602 'user':422,565 'valid':117,187,190,560,561,591 'vector':147,153 'vulner':20,30,74,92,122,366,443,446 'www.pcisecuritystandards.org':704 'www.pcisecuritystandards.org/)':703 'xss':199,580","prices":[{"id":"cb709479-0fea-43a4-91e5-44f6d1b8802e","listingId":"2b3ed33a-b237-4c99-9d73-8bc81e15e0c4","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"maxnorm","category":"magento2-agent-skills","install_from":"skills.sh"},"createdAt":"2026-05-07T20:44:07.659Z"}],"sources":[{"listingId":"2b3ed33a-b237-4c99-9d73-8bc81e15e0c4","source":"github","sourceId":"maxnorm/magento2-agent-skills/magento-security-analyst","sourceUrl":"https://github.com/maxnorm/magento2-agent-skills/tree/main/skills/magento-security-analyst","isPrimary":false,"firstSeenAt":"2026-05-18T13:14:29.798Z","lastSeenAt":"2026-05-18T19:08:50.486Z"},{"listingId":"2b3ed33a-b237-4c99-9d73-8bc81e15e0c4","source":"skills_sh","sourceId":"maxnorm/magento2-agent-skills/magento-security-analyst","sourceUrl":"https://skills.sh/maxnorm/magento2-agent-skills/magento-security-analyst","isPrimary":true,"firstSeenAt":"2026-05-07T20:44:07.659Z","lastSeenAt":"2026-05-07T22:42:37.171Z"}],"details":{"listingId":"2b3ed33a-b237-4c99-9d73-8bc81e15e0c4","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"maxnorm","slug":"magento-security-analyst","github":{"repo":"maxnorm/magento2-agent-skills","stars":9,"topics":["agent-skills","magento2"],"license":"mit","html_url":"https://github.com/maxnorm/magento2-agent-skills","pushed_at":"2026-01-24T16:45:35Z","description":"A collection of specialized agent skills for Magento 2 development, designed to provide domain expertise across all aspects of Magento/Adobe Commerce development workflows. ","skill_md_sha":"c688cace97ec87895bb472df8944b82151acf9ed","skill_md_path":"skills/magento-security-analyst/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/maxnorm/magento2-agent-skills/tree/main/skills/magento-security-analyst"},"layout":"multi","source":"github","category":"magento2-agent-skills","frontmatter":{"name":"magento-security-analyst","description":"Conducts comprehensive Magento 2 security assessments and implements security measures. Use when auditing security, identifying vulnerabilities, implementing security controls, or ensuring compliance. Masters security auditing, vulnerability management, and compliance frameworks."},"skills_sh_url":"https://skills.sh/maxnorm/magento2-agent-skills/magento-security-analyst"},"updatedAt":"2026-05-18T19:08:50.486Z"}}