How does this skill help prevent SQL injection?

The skill provides patterns for using parameterized queries and modern ORMs like Drizzle or Prisma, ensuring user input is never concatenated directly into SQL statements.

Does this skill follow industry security standards?

Absolutely. The skill is built around core principles like Defense in Depth, Principle of Least Privilege, and the OWASP Top 10 framework.

Can this skill help me manage API keys and passwords?

Yes, it includes specific guidance on environment variable management, .gitignore configurations, and pre-commit hooks to prevent sensitive data from being committed to Git.

What authentication methods does it support?

It provides implementation patterns for password hashing with Argon2, secure session management with cookies, and JWT best practices including algorithm enforcement.

Security Best Practices

Name: Security Best Practices
Author: hgeldenhuys

byhgeldenhuys

•

Seguridad y Pruebas

Implements secure coding standards, vulnerability prevention, and robust secret management patterns to harden applications.

Acerca de

The Security Practices skill provides Claude Code with a comprehensive framework for identifying and mitigating security risks throughout the development lifecycle. It offers structured guidance on preventing OWASP Top 10 vulnerabilities, implementing secure authentication patterns, and enforcing strict input validation. By integrating these best practices, developers can proactively defend against injection attacks, cross-site scripting (XSS), and data leaks while ensuring that sensitive credentials never enter version control. Whether you are building an API from scratch or reviewing an existing codebase, this skill ensures security is a first-class citizen in your development workflow.

Características Principales

Input validation and sanitization using schema-based libraries like Zod
Secure authentication templates including Argon2 hashing and JWT best practices
1 GitHub stars
Automated secret management strategies and pre-commit hook configurations
Vulnerability prevention patterns for SQLi, XSS, and Command Injection
Security-focused code review prompts tailored for authentication and session logic

Casos de Uso

Auditing existing API endpoints for OWASP Top 10 vulnerabilities
Implementing production-grade authentication with secure cookie handling
Setting up environment-specific secret management and leak prevention

Acerca de

Características Principales

Input validation and sanitization using schema-based libraries like Zod
Secure authentication templates including Argon2 hashing and JWT best practices
1 GitHub stars
Automated secret management strategies and pre-commit hook configurations
Vulnerability prevention patterns for SQLi, XSS, and Command Injection
Security-focused code review prompts tailored for authentication and session logic

Casos de Uso

Auditing existing API endpoints for OWASP Top 10 vulnerabilities
Implementing production-grade authentication with secure cookie handling
Setting up environment-specific secret management and leak prevention