audit: OWASP Top 10 security review #42

@Snider

Security Audit: OWASP Top 10

Perform a comprehensive security audit focusing on OWASP Top 10 vulnerabilities.

Scope

Check for:

  1. A01:2021 Broken Access Control - Authorization flaws, privilege escalation
  2. A02:2021 Cryptographic Failures - Weak crypto, exposed secrets
  3. A03:2021 Injection - SQL, NoSQL, OS, LDAP injection
  4. A04:2021 Insecure Design - Missing security controls
  5. A05:2021 Security Misconfiguration - Default configs, verbose errors
  6. A06:2021 Vulnerable Components - Outdated dependencies
  7. A07:2021 Auth Failures - Weak passwords, session issues
  8. A08:2021 Data Integrity Failures - Deserialization, CI/CD
  9. A09:2021 Logging Failures - Missing audit logs
  10. A10:2021 SSRF - Server-side request forgery

Output

Save findings to AUDIT-OWASP.md in repository root.

Format

```markdown
# OWASP Top 10 Security Audit

## Summary
X critical, Y high, Z medium findings

## Findings by Category

### A01: Broken Access Control
- Finding 1...
- Finding 2...

### A02: Cryptographic Failures
...
```

Be thorough. Check every endpoint, every input, every auth flow.

Labels: jules (For Jules AI to work on)
