Can it help with server-level security?

Absolutely. It includes a comprehensive guide for hardening php.ini directives such as disabling expose_php, setting secure session cookie flags, and configuring open_basedir.

Does it support modern PHP password hashing?

Yes, it implements best practices using password_hash() with PASSWORD_DEFAULT (Argon2id or bcrypt) and includes logic for automatic rehashing when algorithms change.

How does this skill help prevent SQL injection?

It guides developers to use PDO prepared statements with bound parameters for all database queries, ensuring user input is never directly interpolated into SQL strings.

What XSS protections are included in this skill?

The skill provides contextual escaping patterns using htmlspecialchars for HTML and json_encode for JavaScript, along with Content-Security-Policy header recommendations.

PHP Security Essentials

Name: PHP Security Essentials
Author: peixotorms

bypeixotorms

0•

セキュリティとテスト

Implements industry-standard PHP security patterns and hardening techniques to protect applications against OWASP Top 10 vulnerabilities.

This Claude Code skill provides comprehensive guidance for building secure PHP applications by enforcing defensive programming patterns. It covers critical security domains including SQL injection prevention via PDO, XSS mitigation through contextual escaping, CSRF protection, and robust password hashing with Argon2 and bcrypt. Beyond code-level fixes, it provides actionable patterns for secure file uploads, session management, filesystem security, and server-level hardening via php.ini configurations, helping developers maintain a high security posture from development through production deployment.

主な機能

01Comprehensive php.ini hardening and filesystem security guidelines

02SQL injection prevention using PDO prepared statements and bound parameters

03Context-aware XSS protection and Content-Security-Policy (CSP) implementation

04Modern password security using password_hash and rehash logic

050 GitHub stars

06Secure session management and timing-safe CSRF token validation

ユースケース

01Hardening production server environments and file upload processing

02Securing legacy PHP applications against modern web vulnerabilities

03Building robust authentication systems with secure session handling

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add peixotorms/odinlayer-skills php-security

For use in Claude.ai and ChatGPT

Download Skill