# Security Context MCP Server - Features
## Overview
This MCP server acts as your personal security expert, providing instant access to authoritative security documentation from leading cybersecurity organizations.
## Core Capabilities
### 1. Natural Language Security Search
Query the knowledge base using plain English questions. The server ranks documents with TF-IDF term weighting to find the most relevant documentation.
**Example queries:**
- "How do I prevent SQL injection attacks?"
- "What is defense in depth?"
- "Best practices for API authentication"
- "How to implement least privilege access"
- "What is the shared responsibility model in AWS?"
- "Explain NIST CSF framework"
### 2. Multi-Source Aggregation
Get comprehensive answers by combining information from multiple authoritative sources:
- **OWASP**: Application security, common vulnerabilities
- **NIST**: Frameworks, controls, standards
- **AWS**: Cloud security best practices
- **Google Cloud**: BeyondCorp, cloud security
- **SANS**: Incident response, penetration testing
- **CIS**: Security controls, benchmarks
### 3. Context-Aware Recommendations
The server understands security context and provides relevant guidance based on your specific situation.
## Available Documentation
### OWASP (18+ documents)
- **OWASP Top 10 2021**: All 10 vulnerability categories with detailed explanations
- **Cheat Sheets**:
  - SQL Injection Prevention
  - XSS Prevention
  - Authentication
  - Session Management
  - Authorization/Access Control
  - Cryptographic Storage
  - Input Validation
  - Secure Coding Practices
### NIST (10+ documents)
- **Cybersecurity Framework 2.0**: All 5 functions (Identify, Protect, Detect, Respond, Recover)
- **SP 800-53**: Security and Privacy Controls catalog
- **SP 800-171**: Protecting Controlled Unclassified Information
- **SP 800-207**: Zero Trust Architecture
- **Privacy Framework**: Privacy risk management
### AWS Security (7+ documents)
- Security Best Practices
- Well-Architected Framework - Security Pillar
- IAM Best Practices
- S3 Security Best Practices
- VPC Security
- Shared Responsibility Model
- KMS Best Practices
### Google Cloud Security (7+ documents)
- BeyondCorp Zero Trust Model
- Cloud Security Best Practices
- IAM Best Practices
- Security Command Center
- Confidential Computing
- VPC Service Controls
- GKE Workload Identity
### SANS/CWE (6+ documents)
- CWE Top 25 Most Dangerous Software Weaknesses (2023)
- CIS Critical Security Controls v8
- Common Vulnerability Categories
- Security Architecture Principles
- Incident Response Process
- Penetration Testing Methodology
### CIS (5+ documents)
- CIS Benchmarks Overview
- CIS Controls IG1, IG2, IG3
- CIS Risk Assessment Method (RAM)
## Use Cases
### For Developers
- Secure coding guidance
- Vulnerability prevention
- Authentication and authorization patterns
- Data protection techniques
- Input validation strategies
### For Security Engineers
- Security architecture principles
- Defense in depth strategies
- Incident response procedures
- Threat modeling guidance
- Security testing methodologies
### For Cloud Engineers
- AWS/Google Cloud security best practices
- IAM configuration guidance
- Network security patterns
- Encryption strategies
- Zero trust implementation
### For Compliance Teams
- Framework alignment (NIST, CIS)
- Control implementation guidance
- Risk assessment methodologies
- Audit preparation
- Policy development
### For Security Researchers
- Vulnerability categories and classifications
- Attack patterns and mitigations
- Latest threat information
- Security research methodologies
## Search Features
### Source Filtering
Limit search to specific sources:
```json
{
  "query": "authentication best practices",
  "source": "OWASP"
}
```
Supported sources: `OWASP`, `NIST`, `AWS`, `Google`, `SANS`, `CIS`
### Result Limiting
Control how many results you get:
```json
{
  "query": "zero trust",
  "limit": 10
}
```
Default: 5 results
### Relevance Scoring
Results are automatically scored and sorted by relevance. Scores are normalized to 0-100%.
### Context Extraction
For each result, the most relevant text chunk is automatically extracted and highlighted, so you don't have to read entire documents.
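The search features above (source filter, result limit, 0-100% relevance, excerpt extraction) can be seen working together in the following added example, which is not the server's own code. The function name `searchSecurityDocs`, the `DOCS` sample corpus, the smoothed IDF formula and the sentence-level excerpt selection are assumptions made for illustration.

```javascript
// Added example: minimal TF-IDF ranking with source filter, limit and 0-100% scores.
// DOCS is constructed sample data, not the server's real corpus.
const SOURCES = ["OWASP", "NIST", "AWS", "Google", "SANS", "CIS"];
const DOCS = [
  { source: "OWASP", title: "SQL Injection Prevention",
    text: "Use parameterized queries. Prepared statements stop SQL injection." },
  { source: "OWASP", title: "Authentication",
    text: "Require multi-factor authentication. Store passwords with a slow hash." },
  { source: "NIST", title: "SP 800-207",
    text: "Zero trust assumes no implicit trust. Authentication precedes every session." },
  { source: "AWS", title: "IAM Best Practices",
    text: "Grant least privilege. Use roles instead of long-lived access keys." },
];

const tokenize = (s) => s.toLowerCase().match(/[a-z0-9]+/g) || [];

// Sum of tf * idf over the query terms; idf is always computed over the whole corpus.
function tfidf(queryTerms, text, docs) {
  const words = tokenize(text);
  let score = 0;
  for (const term of new Set(queryTerms)) {
    const tf = words.filter((w) => w === term).length / (words.length || 1);
    const df = docs.filter((d) => tokenize(d.text).includes(term)).length;
    score += tf * Math.log((1 + docs.length) / (1 + df));
  }
  return score;
}

function searchSecurityDocs({ query, limit = 5, source }, docs = DOCS) {
  if (typeof query !== "string" || !query.trim()) throw new TypeError("query is required");
  if (source !== undefined && !SOURCES.includes(source)) throw new RangeError("unknown source");
  if (!Number.isInteger(limit) || limit < 1) throw new RangeError("limit must be a positive integer");
  const terms = tokenize(query);
  const pool = source ? docs.filter((d) => d.source === source) : docs;
  const scored = pool
    .map((d) => {
      // Context extraction: keep the sentence that scores highest for the query.
      const sentences = d.text.split(/(?<=\.)\s+/);
      const excerpt = sentences.reduce((best, s) =>
        tfidf(terms, s, docs) > tfidf(terms, best, docs) ? s : best);
      return { source: d.source, title: d.title, excerpt, raw: tfidf(terms, d.text, docs) };
    })
    .filter((r) => r.raw > 0)
    .sort((a, b) => b.raw - a.raw)
    .slice(0, limit);
  const top = scored.length ? scored[0].raw : 1;
  // Normalize relative to the best hit so scores fall in 0-100%.
  return scored.map(({ raw, ...r }) => ({ ...r, score: Math.round((raw / top) * 100) }));
}
```

Because scores are relative to the best hit, a 100% result means "best match in this result set", not "exact answer"; a source-filtered query can report 100% for a document that ranks second in an unfiltered search.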
## Technical Features
### Performance
- **Local caching**: All docs stored locally for instant access
- **Fast search**: <100ms query response time
- **Lightweight**: ~50-100 MB memory footprint
- **Offline capable**: Works without internet after initial fetch
### Privacy
- **No external API calls** during query time
- **No telemetry** or data collection
- **All processing local**
- **Open source** and auditable
### Reliability
- **Graceful degradation**: Fetcher continues even if some sources fail
- **Error handling**: Clear error messages
- **Automatic retry**: Built-in resilience
- **Version tracking**: Tracks document update dates
### Extensibility
- **Modular architecture**: Easy to add new sources
- **Plugin system**: Implement `DocumentSource` interface
- **Configurable**: Customize sources and settings
- **Upgradeable**: Swap TF-IDF for embeddings
## Limitations
### Current Limitations
- English language only
- TF-IDF search (not neural embeddings)
- Manual update required (no auto-sync)
- Some sources may require periodic fetcher updates if their websites change
### Planned Enhancements
- Vector embeddings for better semantic search
- Multi-language support
- Automatic weekly updates
- Real-time web fetching option
- More security sources (Microsoft, Azure, PCI DSS, HIPAA, ISO)
- PDF document support for standards
- Document versioning and change tracking
## MCP Tools Reference
### `search_security_docs`
**Purpose**: Find relevant security documentation
**Parameters**:
- `query` (string, required): Your security question
- `limit` (number, optional): Max results (default: 5)
- `source` (string, optional): Filter by source
**Returns**: Ranked list of relevant documentation with excerpts and URLs
### `get_security_context`
**Purpose**: Get comprehensive multi-source context on a topic
**Parameters**:
- `topic` (string, required): Security topic to explore
**Returns**: Aggregated information from all relevant sources
### `list_security_sources`
**Purpose**: Discover available documentation sources
**Parameters**: None
**Returns**: List of all sources with their available resources
### `get_owasp_top10`
**Purpose**: Get specific OWASP Top 10 vulnerability information
**Parameters**:
- `category` (string, optional): Specific vulnerability category
**Returns**: Detailed OWASP Top 10 information
## Integration Patterns
### Research Assistant
Claude can automatically query security documentation when answering security questions, providing authoritative references.
### Code Review Helper
During code reviews, Claude can reference security best practices and identify potential vulnerabilities.
### Architecture Advisor
When designing systems, Claude can provide security architecture guidance from frameworks like NIST and CIS.
### Compliance Helper
Claude can help map requirements to security controls and provide implementation guidance.
## Best Practices
### Query Tips
1. **Be specific**: "AWS S3 bucket security" is better than "cloud security"
2. **Use technical terms**: "CSRF prevention" is better than "form attacks"
3. **Ask questions**: "How do I..." often yields better results than keywords
4. **Try different phrasings**: If the first search doesn't work, rephrase
### Maintenance
1. **Update regularly**: Run `npm run fetch-docs` monthly
2. **Monitor sources**: Check if source websites have changed
3. **Review results**: Verify documentation is current
4. **Extend sources**: Add organization-specific documentation
### Integration
1. **Combine with code analysis**: Use with other MCP tools for comprehensive security reviews
2. **Create workflows**: Chain security checks with development workflows
3. **Document decisions**: Reference specific documentation in design docs
4. **Train teams**: Use as a training resource for security awareness
---
**Your security expert is ready to help! 🛡️**