A team of Claude Code sub-agents that enforce security across the full SDLC, from ASVS requirements and threat modelling to SAST triage, IaC review, compliance attestation and release sign-off. Drop into any project. No security team required.

Personal AppSec engineering handbook: secure SDLC, DevSecOps, threat modeling, framework mappings, architecture patterns, tooling evaluation, finding writeups.

Secure CI/CD Pipeline for PCI-DSS Compliance | Demonstrates DevSecOps best practices with automated security scanning (SAST), secrets management, and Zero Trust architecture using AWS CodePipeline, Terraform, and Checkov | Multi-account AWS deployment with KMS encryption and manual approval gates | Requirements 6.2 & 6.3 compliant

Maven core extension for Java AppSec and DevSecOps build checks

Gradle convention plugin for Java AppSec and DevSecOps build checks

A comprehensive architectural framework for integrating security into the SDLC. Featuring an interactive 12-step execution model, threat modeling methodologies (STRIDE), and DevSecOps best practices. Security is not a feature; it is the foundation

AI-Augmented Settlement Infrastructure & Governance Framework. High-Throughput (10k+ TPS) engine implementing Transactional Outbox, Event Sourcing (Marten), and strict AI Risk Management. Designed for 99.99% availability, absolute financial integrity, and PII-safe LLM integration under FINMA/DORA constraints.

Cloud-focused SAST and DAST assessment of a containerized application, highlighting secure configuration, runtime risk, and remediation practices aligned with DevSecOps.

Notes and resources focused on Security by Design, threat modeling and secure application practices.

.NET 10 secure coding examples demonstrating OWASP risks, insecure vs secure patterns, SQL injection prevention, password hashing, mass assignment protection, and secure API engineering.

Secure SDLC and DevSecOps pipeline project demonstrating CI/CD security, dependency scanning, secret detection, container security, and secure software delivery practices in .NET 10.

Secure SDLC case study of a blockchain-based food supply chain system: development, research publication, and application-security reassessment.

Healthcare threat modeling project using STRIDE, OWASP, ISO 27001, and NIST CSF to analyze risks, trust boundaries, mitigations, and security requirements.

Implementação de um sistema seguro de reserva de salas (Secure SDLC) envolvendo planejamento ágil, arquitetura DevOps, modelagem de ameaças e containerização com Docker e volumes persistentes.

Cyber-Risk Sentinel RiskLab é um projeto de estudo, documentação e experimentação em cibersegurança defensiva, com foco em análise de riscos, vulnerabilidades simuladas, eventos fictícios de segurança, controles defensivos e planos de mitigação.

Secure healthcare API security demo in .NET 10 demonstrating JWT authentication, RBAC, audit logging, HIPAA-inspired access controls, secure middleware, and OWASP API Security concepts.

Secure .NET 10 API foundation demonstrating AppSec, secure engineering, JWT auth, RBAC, audit logging, secure middleware, and regulated-system API design.