How does this skill help with OWASP Top 10 compliance?

The skill provides specific code patterns and implementation strategies to mitigate major risks like SQL Injection, XSS, and Broken Access Control using modern libraries like Zod and DOMPurify.

Does it provide guidance on secrets management?

Absolutely. It provides patterns for moving away from hardcoded secrets toward secure environment variables and cloud-based secret managers like Google Secret Manager.

Can this skill help implement OAuth 2.0 for third-party logins?

Yes, it includes detailed workflows for OIDC and OAuth 2.0 integrations, including state verification, secure token exchange, and ID token verification.

What is the difference between RBAC and ABAC in this skill?

The skill provides patterns for both Role-Based Access Control (simple roles like 'admin' or 'editor') and Attribute-Based Access Control (complex logic based on ownership or resource properties).

Does this skill cover frontend security like CSP?

Yes, the skill includes templates for setting up Content Security Policy (CSP) headers and other security-related headers using middleware like Helmet.

Secure Coding Practices

Name: Secure Coding Practices
Author: miles990

bymiles990

•

보안 및 테스팅

Implements OWASP-aligned security patterns and robust authentication frameworks to protect applications from common vulnerabilities.

The Security Practices skill equips Claude with the expertise to identify code vulnerabilities and implement enterprise-grade security measures across the full software development lifecycle. It provides production-ready implementation patterns for mitigating OWASP Top 10 risks—such as SQL injection, XSS, and CSRF—while offering deep guidance on advanced authentication (JWT, OAuth 2.0), granular authorization models (RBAC/ABAC), and hardened secrets management. This skill is essential for developers building secure, compliant applications that need to defend against modern cyber threats and maintain data integrity.

주요 기능

01Security header configuration and hardened secrets management workflows

02Comprehensive input validation and sanitization using Zod and DOMPurify

03Secure authentication patterns including JWT refresh token rotation and OAuth 2.0

04OWASP Top 10 mitigation strategies for common web vulnerabilities

05Granular authorization via Role-Based (RBAC) and Attribute-Based (ABAC) Access Control

061 GitHub stars

사용 사례

01Implementing a secure, multi-tier authentication system with OAuth 2.0 and session management

02Hardening an existing Node.js/TypeScript API against injection and cross-site scripting attacks

03Designing granular permission systems for complex enterprise dashboards and data access

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add miles990/claude-software-skills security-practices

For use in Claude.ai and ChatGPT

Download Skill