Does it support OAuth and JWT implementation?

Absolutely. It offers secure patterns for token generation, verification, and secure cookie-based storage using HttpOnly and SameSite flags.

What security headers does it help configure?

It helps set up Content-Security-Policy (CSP), X-Frame-Options, Strict-Transport-Security (HSTS), and other essential headers to protect against common web attacks.

Can this skill help with dependency vulnerabilities?

Yes, it integrates with tools like npm audit and Snyk to identify and help remediate known vulnerabilities in your project's dependencies.

How does the Security Auditor skill prevent XSS?

It provides patterns for input sanitization using DOMPurify and leverages React's auto-escaping features to prevent malicious script injection.

Security Auditor

Name: Security Auditor
Author: deve1993

bydeve1993

•

安全与测试

Secures web applications by identifying vulnerabilities, implementing XSS/CSRF protections, and auditing authentication flows.

关于

The Security Auditor skill empowers developers to build resilient web applications by integrating industry-standard security practices directly into the development workflow. It specializes in cross-site scripting (XSS) prevention, CSRF protection, and Content Security Policy (CSP) configuration, while also providing deep expertise in secure authentication patterns like JWT and OAuth 2.0. Whether you are performing a comprehensive security audit, scanning dependencies for vulnerabilities, or hardening API endpoints, this skill ensures your codebase adheres to OWASP standards and modern secure coding principles.

主要功能

Content Security Policy (CSP) header generation and auditing
Secure authentication and authorization pattern implementation
1 GitHub stars
Dependency vulnerability scanning and remediation
Automated XSS and CSRF prevention strategies
Sensitive data handling and encryption best practices

使用场景

Hardening web application headers to prevent clickjacking and MIME sniffing
Implementing multi-factor authentication and secure JWT handling
Conducting a comprehensive security audit of a React or Express codebase

关于

主要功能

Content Security Policy (CSP) header generation and auditing
Secure authentication and authorization pattern implementation
1 GitHub stars
Dependency vulnerability scanning and remediation
Automated XSS and CSRF prevention strategies
Sensitive data handling and encryption best practices

使用场景

Hardening web application headers to prevent clickjacking and MIME sniffing
Implementing multi-factor authentication and secure JWT handling
Conducting a comprehensive security audit of a React or Express codebase