How does this skill help with OWASP Top 10 compliance?

The skill provides specific code patterns and implementation strategies to mitigate major risks like SQL Injection, XSS, and Broken Access Control using modern libraries like Zod and DOMPurify.

Does it provide guidance on secrets management?

Absolutely. It provides patterns for moving away from hardcoded secrets toward secure environment variables and cloud-based secret managers like Google Secret Manager.

Can this skill help implement OAuth 2.0 for third-party logins?

Yes, it includes detailed workflows for OIDC and OAuth 2.0 integrations, including state verification, secure token exchange, and ID token verification.

What is the difference between RBAC and ABAC in this skill?

The skill provides patterns for both Role-Based Access Control (simple roles like 'admin' or 'editor') and Attribute-Based Access Control (complex logic based on ownership or resource properties).

Does this skill cover frontend security like CSP?

Yes, the skill includes templates for setting up Content Security Policy (CSP) headers and other security-related headers using middleware like Helmet.

Secure Coding Practices

Name: Secure Coding Practices
Author: miles990

bymiles990

•

セキュリティとテスト

Implements OWASP-aligned security patterns and robust authentication frameworks to protect applications from common vulnerabilities.

概要

The Security Practices skill equips Claude with the expertise to identify code vulnerabilities and implement enterprise-grade security measures across the full software development lifecycle. It provides production-ready implementation patterns for mitigating OWASP Top 10 risks—such as SQL injection, XSS, and CSRF—while offering deep guidance on advanced authentication (JWT, OAuth 2.0), granular authorization models (RBAC/ABAC), and hardened secrets management. This skill is essential for developers building secure, compliant applications that need to defend against modern cyber threats and maintain data integrity.

主な機能

Security header configuration and hardened secrets management workflows
Comprehensive input validation and sanitization using Zod and DOMPurify
Secure authentication patterns including JWT refresh token rotation and OAuth 2.0
OWASP Top 10 mitigation strategies for common web vulnerabilities
Granular authorization via Role-Based (RBAC) and Attribute-Based (ABAC) Access Control
1 GitHub stars

ユースケース

Implementing a secure, multi-tier authentication system with OAuth 2.0 and session management
Hardening an existing Node.js/TypeScript API against injection and cross-site scripting attacks
Designing granular permission systems for complex enterprise dashboards and data access

概要

主な機能

Security header configuration and hardened secrets management workflows
Comprehensive input validation and sanitization using Zod and DOMPurify
Secure authentication patterns including JWT refresh token rotation and OAuth 2.0
OWASP Top 10 mitigation strategies for common web vulnerabilities
Granular authorization via Role-Based (RBAC) and Attribute-Based (ABAC) Access Control
1 GitHub stars

ユースケース

Implementing a secure, multi-tier authentication system with OAuth 2.0 and session management
Hardening an existing Node.js/TypeScript API against injection and cross-site scripting attacks
Designing granular permission systems for complex enterprise dashboards and data access