How does this handle rate limiting?

It provides configurations for both global API rate limiting and stricter, specialized limits for sensitive endpoints like authentication and registration.

Is this skill suitable for production environments?

Yes, the patterns provided are designed for production-ready security and include checklists to ensure no critical layers are missed before deployment.

Does this skill work with frameworks other than Express?

Yes, while it provides detailed Express examples, it also includes implementation patterns for Python FastAPI and Nginx configurations.

Does it include CORS configuration?

Yes, the skill provides guidance on restricting CORS to allowed origins to prevent unauthorized cross-origin requests.

Can it help prevent SQL injection and XSS?

Absolutely. It includes specific input validation, data sanitization, and security headers designed to mitigate injection and cross-site scripting attacks.

API Security Hardening

Name: API Security Hardening
Author: secondsky

bysecondsky

•

セキュリティとテスト

Hardens REST APIs with production-grade security layers including authentication, rate limiting, and robust input validation.

概要

The API Security Hardening skill provides a comprehensive framework for securing RESTful services against common vulnerabilities and exploits. It equips Claude with the patterns needed to implement multi-layered defense-in-depth strategies, covering everything from Express and FastAPI middleware to Nginx configuration and security headers. Whether you are performing a security audit or building a new production service, this skill ensures your API implements industry-standard protections like HSTS, CSP, and sophisticated rate limiting to prevent injection attacks, CORS issues, and unauthorized access.

主な機能

Comprehensive input validation and data sanitization patterns
Granular rate limiting for general API usage and sensitive auth routes
Production-ready security checklists and 'Never Do' anti-patterns
Automated security header implementation (CSP, HSTS, X-Frame-Options)
11 GitHub stars
Pre-configured security middleware stacks for Express and FastAPI

ユースケース

Configuring Nginx and backend middleware for high-security environments
Securing a production Node.js or Python API against OWASP Top 10 threats
Remediating vulnerabilities found during security audits or penetration tests

概要

主な機能

Comprehensive input validation and data sanitization patterns
Granular rate limiting for general API usage and sensitive auth routes
Production-ready security checklists and 'Never Do' anti-patterns
Automated security header implementation (CSP, HSTS, X-Frame-Options)
11 GitHub stars
Pre-configured security middleware stacks for Express and FastAPI

ユースケース

Configuring Nginx and backend middleware for high-security environments
Securing a production Node.js or Python API against OWASP Top 10 threats
Remediating vulnerabilities found during security audits or penetration tests