Can I use this for cloud-native security?

Absolutely; it covers principles like Defense in Depth, VPC/firewall strategies, and data encryption at rest (AES-256) and in transit (TLS 1.3) applicable to modern cloud environments.

How does it handle sensitive user data?

The skill offers guidance on PII minimization, masking sensitive data in logs, and defining secure retention policies to ensure data privacy and compliance.

How does this skill improve application security?

It provides standardized patterns for input validation, authentication, and data protection based on industry-leading security principles like 'Secure by Default' and 'Least Privilege'.

Does this skill help with OWASP compliance?

Yes, it includes a dedicated mapping of the OWASP Top 10 risks to specific mitigation strategies, helping developers avoid injection, broken access control, and other common threats.

Security Best Practices & Fundamentals

Name: Security Best Practices & Fundamentals
Author: violetio

byvioletio

•

보안 및 테스팅

Implements and enforces security best practices, input validation, and core defensive principles across the software development lifecycle.

소개

This skill provides comprehensive guidance on building secure applications by integrating core principles like Defense in Depth and Least Privilege. It offers actionable code patterns for input validation, secure authentication/authorization, and data protection, while also serving as a reference for OWASP Top 10 mitigation. It is particularly useful for developers architecting new systems, conducting security reviews, or ensuring compliance with modern security standards within their AI-assisted coding workflows.

주요 기능

Secure authentication and authorization implementations
1 GitHub stars
Defense in Depth and Least Privilege guidance
OWASP Top 10 risk awareness and mitigation strategies
Input validation and sanitization code patterns
Data protection strategies for PII and sensitive information

사용 사례

Designing secure API endpoints with robust token handling and resource isolation
Implementing row-level security and RBAC for multi-tenant applications
Auditing existing codebases for common vulnerabilities like injection and insecure logging

소개

주요 기능

Secure authentication and authorization implementations
1 GitHub stars
Defense in Depth and Least Privilege guidance
OWASP Top 10 risk awareness and mitigation strategies
Input validation and sanitization code patterns
Data protection strategies for PII and sensitive information

사용 사례

Designing secure API endpoints with robust token handling and resource isolation
Implementing row-level security and RBAC for multi-tenant applications
Auditing existing codebases for common vulnerabilities like injection and insecure logging