Is this skill compatible with OWASP standards?

Yes, the workflow and checklists are mapped to OWASP Top 10, ASVS, and Cheat Sheet series to ensure industry-standard security compliance.

Does it support modern cryptographic standards?

Absolutely. It promotes the use of AES-256-GCM for encryption and Argon2 or bcrypt for password hashing, ensuring your application uses current, secure algorithms.

How does this skill help prevent common vulnerabilities?

The skill applies a 'Trust Nothing' approach, providing specific patterns for server-side validation, context-aware encoding, and secure defaults to mitigate risks like SQLi and XSS.

Can this skill be used for security-focused code reviews?

Yes, it includes a high-risk code pattern library that helps Claude identify dangerous functions, insecure deserialization, and hardcoded secrets during analysis.

Secure Coding Practices

Name: Secure Coding Practices
Author: NickCrew

byNickCrew

•

Security & Testing

Implements security-first development patterns and defensive programming techniques to protect applications against common vulnerabilities and threats.

About

The Secure Coding Practices skill provides a comprehensive framework for building resilient software by integrating defensive programming patterns directly into the development workflow. It guides Claude in implementing critical security controls—such as robust authentication systems, strict input validation, and industry-standard cryptographic operations—while referencing authoritative sources like OWASP and NIST. This skill is essential for developers and security engineers who need to conduct thorough code reviews, manage sensitive data, or ensure their applications are architecturally sound against high-risk patterns like SQL injection, cross-site scripting (XSS), and insecure direct object references.

Key Features

7 GitHub stars
Implementation guides for industry-standard authentication and session management
Supply chain security management and dependency auditing
Context-aware input validation and output encoding patterns
Secure cryptographic configurations for encryption and password hashing
High-risk code pattern detection for proactive threat mitigation

Use Cases

Architecting secure authentication and authorization systems for web services
Establishing secure development standards and checklists for engineering teams
Conducting security-focused code reviews to identify and remediate vulnerabilities

About

Key Features

7 GitHub stars
Implementation guides for industry-standard authentication and session management
Supply chain security management and dependency auditing
Context-aware input validation and output encoding patterns
Secure cryptographic configurations for encryption and password hashing
High-risk code pattern detection for proactive threat mitigation

Use Cases

Architecting secure authentication and authorization systems for web services
Establishing secure development standards and checklists for engineering teams
Conducting security-focused code reviews to identify and remediate vulnerabilities