Code Audit
2 skills with this tag
trailofbits
Passed
Variant Analysis
A variant analysis skill that helps security researchers find similar vulnerabilities across a codebase after discovering an initial bug. It provides a structured methodology for pattern-based searching, ready-to-use Semgrep rule templates for multiple languages (Python, JavaScript, Java, Go, C++), and documentation templates for tracking findings.
Security, Variant Analysis, Semgrep, +3
542.1k
trailofbits
Passed
Constant Time Testing
A comprehensive guide for auditing cryptographic code for timing side-channel vulnerabilities. It covers constant-time testing theory, common vulnerability patterns like secret-dependent branches and cache-timing attacks, and provides practical workflows using tools like dudect for statistical analysis and timecop for dynamic tracing.
Cryptography, Security Testing, Timing Attacks, +3
532.1k