Constant Time Testing
Skill AktivConstant-time testing detects timing side channels in cryptographic code. Use when auditing crypto implementations for timing vulnerabilities.
To help developers and security auditors identify and mitigate timing side-channel vulnerabilities in cryptographic implementations.
Funktionen
- Detects timing side channels in crypto code
- Guides auditing for timing vulnerabilities
- Explains common violation patterns
- Recommends tools like dudect and timecop
Anwendungsfälle
- Auditing cryptographic libraries for timing leaks
- Reviewing code that handles sensitive keys or passwords
- Investigating potential timing vulnerabilities in crypto protocols
- Ensuring constant-time execution in custom crypto implementations
Nicht-Ziele
- Performing static analysis beyond timing aspects
- Acting as a formal verification tool itself
- Providing direct code fixes without user intervention
Trust
- warning:Issues Attention13 issues opened vs. 4 closed in the last 90 days indicates a low closure rate and potential for slow response times.
Installation
Zuerst Marketplace hinzufügen
/plugin marketplace add trailofbits/skills/plugin install testing-handbook-skills@trailofbitsQualitätspunktzahl
Vertrauenssignale
Ähnliche Erweiterungen
Soul Guardian
100Drift detection + baseline integrity guard for agent workspace files with automatic alerting support
Audit Dependency Versions
100Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.
Codex Diff Develop
100Revisa el diff de la rama actual frente a develop en proyectos Drupal 11 siguiendo la metodología Codex (lógica de negocio, edge cases de hooks/queries, seguridad, performance, completitud). Genera un informe .md en la carpeta del IDE detectado (.antigravity/, .cursor/, .vscode/ o docs/) con hallazgos por severidad y soluciones accionables. Usar cuando el usuario pida "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" o expresiones similares con intención de auditar cambios contra develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.
Senior Backend Engineer
100Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.
Investigate Capa Root Cause
100Investigate root causes and manage CAPAs (Corrective and Preventive Actions) for compliance deviations. Covers investigation method selection (5-Why, fishbone, fault tree), structured root cause analysis, corrective vs preventive action design, effectiveness verification, and trend analysis. Use when an audit finding requires a CAPA, when a deviation or incident occurs in a validated system, when a regulatory observation needs a formal response, when a data integrity anomaly requires investigation, or when recurring issues suggest a systemic root cause.
Toprank Weekly Review
100Run a weekly SEO review for one registered website, write audit artifacts, and choose the next best safe action.