Domain 12 / 12

Data & Threats security audit

Protect data end to end and defend against account takeover, ransomware and modern threat vectors.

  • 46 checks
  • Leaks · ATO · Ransomware · Supply chain · Email

Run the audit See example checks

What securmyapp checks

Inside the Data & Threats domain

This is the Data & Threats domain of securmyapp — the free, open-source, 100% defensive security auditor for Claude Code that runs 598 checks across 12 domains. The Data & Threats domain protects sensitive data and defends against the threats that target it. securmyapp verifies data classification and minimization, encryption at rest and response masking, then hardens against account takeover (ATO), session/cookie/token theft, ransomware and email-borne attacks — tying together the controls that keep a breach from becoming a catastrophe.

Coverage areas

46 atomic checks span these sub-domains.

  • Data protection

    Classification, minimization and encryption of sensitive data at rest.

  • Leak prevention

    DLP controls and masking of PII in API responses.

  • Account takeover

    MFA, anomaly detection and login alerts against ATO.

  • Session & token theft

    Secure cookies, session binding and short-lived scoped tokens.

  • Ransomware

    Immutable backups, segmentation and least privilege.

  • Email

    SPF/DKIM/DMARC and anti-phishing defenses.

Example checks

A sample of the real checks run in this domain — each mapped to a standard and a fix.

Example Data & Threats security checks with severity, what they detect, and their standard reference.
CheckSeverityDetectsReference
Encryption of sensitive data at restHighUnencrypted PII and financial data.ASVS V14 · NIST SC-28 · A02:2021
Protection against account takeover (ATO)HighInsufficient ATO defenses (no MFA or anomaly detection).A07:2021 · MITRE T1078/T1110
Protection against cookie theftHighExfiltratable cookies missing HttpOnly/Secure/SameSite + CSP.CWE-1004 · ASVS V3
Masking of sensitive data in responsesHighPII over-exposed in API responses (BOPLA).API3:2023 · CWE-200
Anti-ransomware defenseHighLack of defense in depth against encryption & extortion.MITRE T1486 · NIST CP-9
Protection against token/API key theftHighLong-lived or exposed tokens enabling prolonged access.API2:2023 · MITRE T1552

Vulnerabilities we catch

  • Unencrypted PII and financial data at rest
  • Excessive data exposure and PII leakage through APIs
  • Account takeover from weak MFA and no anomaly detection
  • Session, cookie and token theft vectors
  • Missing anti-ransomware defense in depth
  • Email spoofing from absent SPF/DKIM/DMARC

How remediation works and standards

Detect → explain → fix → verify

How remediation works here

Every finding in this domain is explained in plain language with its reference, fixed with a concrete change to the exact file and line, committed as a reversible Git commit, then re-checked in a real browser against a healthy baseline — so a security fix never breaks your app.

Standards behind this domain

Mapped to recognized references

  • OWASP WSTG
  • OWASP ASVS 5.0
  • OWASP API Top 10
  • OWASP MASVS 2.1
  • CIS Benchmarks
  • MITRE ATT&CK
  • CWE

FAQ

Data & Threats — questions & answers

What threats does this domain defend against?

Data leaks, account takeover (ATO), theft of secrets/tokens/cookies, session hijacking, ransomware and email-borne attacks — mapped to OWASP, CWE and MITRE ATT&CK techniques.

How does it protect against ransomware?

It checks for defense in depth: immutable, air-gapped backups (3-2-1), network segmentation, least privilege and endpoint protection — so encryption and extortion cannot succeed.

Does it cover email security?

Yes. It verifies SPF, DKIM and DMARC alignment and anti-phishing controls, since email remains a primary vector for account compromise and fraud.

Get started

Audit your app in the next five minutes

Clone the skill into ~/.claude/skills/, then ask Claude to audit your app (or type /securmyapp). The full audit starts on its own.

Install — one command
git clone https://github.com/mafady/securmyapp ~/.claude/skills/securmyapp

View on GitHub Browse the domains

New to Claude Code? Follow the step-by-step getting started guide.

Requires Node.js 18+, Claude Code, and a paid Claude subscription. Semgrep & Playwright recommended.