security-fundamentals

What problem does it solve?

This Skill ensures your applications are built with security as a core principle, preventing common vulnerabilities and protecting sensitive data. It guides you through implementing essential security measures from the ground up, reducing the risk of breaches, compliance issues, and reputational damage.

Core Features & Use Cases

• OWASP Top 10 Prevention: Implement robust defenses against the most critical web application security risks, such as injection, broken access control, and cryptographic failures.
• Input Validation & Secret Management: Securely handle all user input and manage sensitive information (API keys, passwords) to prevent common attack vectors and data leaks.
• Authentication & Authorization: Implement robust user authentication, session management, and access control to ensure only authorized users can access resources.
• Use Case: When building a new API endpoint that accepts user input, use this skill to ensure all inputs are validated, SQL injection is prevented using parameterized queries, and access control checks are in place before any data is processed.

Quick Start

Example: Prevent SQL Injection using an ORM (Prisma)

const user = await prisma.user.findUnique({ where: { email } })

Example: Hash passwords with bcrypt

import bcrypt from 'bcrypt' const hash = await bcrypt.hash(password, 10)