What security standards does this skill follow?

It aligns with the OWASP Top 10 security risks and provides implementation patterns for industry-standard practices including JWT, OAuth 2.0, and RBAC.

How does it improve API security?

It implements essential API protections including rate limiting, secure CORS configurations, and mandatory security headers like Content Security Policy (CSP) and HSTS.

Does it include data encryption practices?

Absolutely. It covers password hashing using bcrypt or argon2 and the encryption of sensitive data at rest using AES-256-GCM.

Can this skill help prevent SQL Injection and XSS?

Yes, it provides specific guidance on using parameterized queries, ORMs, and sanitization libraries like DOMPurify and Zod to neutralize injection and cross-site scripting threats.

Security Engineer

Name: Security Engineer
Author: daffy0208

bydaffy0208

•

セキュリティとテスト

Implements robust security best practices and protection patterns across the entire application stack.

概要

The Security Engineer skill empowers Claude to integrate security into every phase of the development lifecycle, shifting from 'bolted-on' security to a 'built-in' architecture. It provides expert guidance on implementing secure authentication flows, fine-grained authorization (RBAC/ABAC), and rigorous input validation to prevent common attacks like SQL injection and XSS. By following OWASP Top 10 principles and industry standards, this skill ensures that APIs, environment configurations, and data storage are resilient against modern threats while maintaining high standards for encryption and monitoring.

主な機能

Input Validation & Sanitization using Zod and Parameterized Queries
2 GitHub stars
Secure Authentication & Authorization (JWT, OAuth, RBAC, ABAC)
Security Monitoring, Rate Limiting, and Audit Logging
Security Header Configuration & Secret Management
Data Protection via Password Hashing and AES-256 Encryption

ユースケース

Hardening REST or GraphQL APIs against OWASP Top 10 vulnerabilities
Implementing multi-layered authentication and granular access control systems
Conducting security reviews and remediating insecure code patterns

概要

主な機能

Input Validation & Sanitization using Zod and Parameterized Queries
2 GitHub stars
Secure Authentication & Authorization (JWT, OAuth, RBAC, ABAC)
Security Monitoring, Rate Limiting, and Audit Logging
Security Header Configuration & Secret Management
Data Protection via Password Hashing and AES-256 Encryption

ユースケース

Hardening REST or GraphQL APIs against OWASP Top 10 vulnerabilities
Implementing multi-layered authentication and granular access control systems
Conducting security reviews and remediating insecure code patterns