Is it compatible with specific frameworks?

The patterns are demonstrated in TypeScript and JavaScript (often using Next.js, Supabase, or Express), but the security principles and implementation logic can be adapted to most modern web stacks.

Does this skill handle sensitive data directly?

No, the skill provides patterns and code structures for you to implement; it helps you write code that manages secrets securely via environment variables and proper hashing rather than hardcoding them.

Which authentication methods are supported?

It includes patterns for modern authentication workflows including JWT tokens with httpOnly cookies, Multi-Factor Authentication (MFA), and secure password hashing.

Can it help prevent XSS and SQL injection?

Yes, it provides specific implementation patterns for parameterized queries, schema-based validation with Zod, and HTML sanitization using DOMPurify to mitigate these attacks.

Security Best Practices & Patterns

Name: Security Best Practices & Patterns
Author: mnthe

bymnthe

•

Security & Testing

Implements production-grade security patterns and OWASP best practices for authentication, input validation, and data protection.

About

This skill equips Claude with specialized knowledge of the OWASP Top 10 and modern web security patterns, enabling it to write secure-by-default code. It provides battle-tested implementations for robust authentication (JWT, MFA), schema-based input validation with Zod, secure database interactions, and proper environment variable management. By using this skill, developers can proactively mitigate common vulnerabilities like SQL injection, broken access control, and insecure design while building scalable, production-ready applications with industry-standard safeguards.

Key Features

OWASP Top 10 mitigation strategies including protection against injection and broken access control
Schema-based input and file upload validation using Zod
Secure password hashing and verification implementation using bcrypt or Argon2
Secure authentication patterns including MFA and httpOnly JWT cookie handling
2 GitHub stars
Infrastructure-level security patterns for rate limiting and HTTP security headers

Use Cases

Building secure authentication and authorization systems for web applications
Implementing Row Level Security (RLS) and Role-Based Access Control (RBAC)
Sanitizing user input and file uploads to prevent XSS and injection attacks

About

Key Features

OWASP Top 10 mitigation strategies including protection against injection and broken access control
Schema-based input and file upload validation using Zod
Secure password hashing and verification implementation using bcrypt or Argon2
Secure authentication patterns including MFA and httpOnly JWT cookie handling
2 GitHub stars
Infrastructure-level security patterns for rate limiting and HTTP security headers

Use Cases

Building secure authentication and authorization systems for web applications
Implementing Row Level Security (RLS) and Role-Based Access Control (RBAC)
Sanitizing user input and file uploads to prevent XSS and injection attacks