PACT Security Patterns FAQs

Question 1

How do I perform a security audit using this skill?

Accepted Answer

You can trigger an audit by asking Claude to review your code for vulnerabilities or by following the included Security Checklist which covers credentials, input/output, and transport security.

Question 2

Does this skill help with OWASP compliance?

Accepted Answer

Yes, it provides specific mitigations and code patterns for the OWASP Top 10 vulnerabilities, including SQL injection, cross-site scripting (XSS), and broken access control.

Question 3

How does this skill prevent credential leaks?

Accepted Answer

It enforces strict rules against hardcoding secrets, monitors for sensitive prefixes in frontend code, and provides verification scripts to grep for exposed keys before any code is committed.

Question 4

Can I use these patterns for non-Express.js applications?

Accepted Answer

While the code examples utilize popular frameworks like Express and React, the core SACROSANCT security rules and architectural patterns are language-agnostic and applicable to any stack.

Question 5

What is the Backend Proxy Pattern included in this skill?

Accepted Answer

It is a mandatory architectural pattern that ensures frontend applications never handle API credentials directly; instead, all external requests are routed through a secure server-side proxy.

PACT Security Patterns

Key Features

Use Cases

PACT Security Patterns

Key Features

Use Cases