All Skills

7109 skills found

Skills List

Security pattern for managing cryptographic keys throughout their lifecycle. Use when integrating cryptography requiring key generation, storage, distribution, or usage. Provides guidance on key confidentiality, integrity, configuration protection, and key information handling. Foundation for Cryptography as a service and Self-managed cryptography patterns.

igbuend
authorisation

2dev-devops

Security pattern for implementing access control and authorization. Use when designing permission systems, implementing RBAC/ABAC, preventing unauthorized access, addressing privilege escalation, or ensuring users can only perform allowed actions on permitted resources. Addresses "Entity performs disallowed action" problem.

igbuend

Security anti-pattern for hardcoded credentials and secrets (CWE-798). Use when generating or reviewing code that handles API keys, passwords, database credentials, encryption keys, or any sensitive configuration. Detects embedded secrets and recommends environment variables or secret managers.

igbuend

Security anti-pattern for JWT misuse vulnerabilities (CWE-287). Use when generating or reviewing code that creates, validates, or uses JSON Web Tokens. Detects 'none' algorithm attacks, weak secrets, sensitive data in payloads, and missing expiration.

igbuend

Base security pattern for integrating cryptographic primitives into software systems. Use when implementing encryption, digital signatures, MACs, or any cryptographic operations. Provides guidance on library selection, key usage, configuration protection, and designing for cryptographic agility. Foundation pattern for Encryption, Digital signature, and MAC patterns.

igbuend
encrypted-tunnel

2dev-devops

Security pattern for channel-level encryption (TLS/SSH). Use when implementing HTTPS, securing all communication between endpoints, setting up TLS connections, or when infrastructure should handle encryption transparently. Addresses "Leak action request or data in transit" problem.

igbuend

Security anti-pattern for missing rate limiting (CWE-770). Use when generating or reviewing API endpoints, authentication systems, or public-facing services. Detects absence of request throttling enabling brute force, credential stuffing, and DoS attacks.

igbuend

Security anti-pattern for missing security headers (CWE-16). Use when generating or reviewing web application code, server configuration, or HTTP response handling. Detects missing CSP, HSTS, X-Frame-Options, and other protective headers.

igbuend

Security pattern for implementing password-based authentication. Use when designing login systems with username/password, implementing password storage, hashing, salting, peppering, password policies, or password reset flows. Specialization of the Authentication pattern.

igbuend

Security anti-pattern for path traversal vulnerabilities (CWE-22). Use when generating or reviewing code that handles file paths, reads or writes files based on user input, or serves static content. Detects joining user input to paths without proper sanitization or validation.

igbuend

Security anti-pattern for OS Command Injection vulnerabilities (CWE-78). Use when generating or reviewing code that executes shell commands, runs system processes, or handles user input in command-line operations. Detects shell string concatenation and recommends argument arrays.

igbuend

Security pattern for implementing authentication in software systems. Use when designing or reviewing authentication mechanisms, implementing login systems, verifying user identity, protecting system access, or addressing OWASP authentication flaws. Provides guidance on enforcers, verifiers, evidence providers, subject registration, credential management, and security considerations.

igbuend

Security anti-pattern for log injection vulnerabilities (CWE-117). Use when generating or reviewing code that writes to log files, handles logging of user input, or processes log data. Detects unsanitized data in log messages enabling log forging and CRLF injection.

igbuend

Security anti-pattern for session fixation vulnerabilities (CWE-384). Use when generating or reviewing code that handles user sessions, login flows, or authentication state changes. Detects failure to regenerate session IDs after authentication.

igbuend

Security pattern for full-disk or database-level encryption at rest. Use when implementing Transparent Data Encryption (TDE), full-disk encryption, or when storage infrastructure should handle encryption without application changes. Addresses "Leak data at rest" problem.

igbuend

Security pattern for implementing digital signatures. Use when implementing document signing, code signing, certificate signing, non-repudiation, or verifying authenticity and integrity of messages using asymmetric cryptography (RSA, ECDSA, Ed25519).

igbuend

Security anti-pattern for insecure temporary files (CWE-377). Use when generating or reviewing code that creates temporary files, handles file caching, or processes uploads through temp storage. Detects predictable paths, insecure permissions, and missing cleanup.

igbuend

Security pattern for implementing rate limiting and throttling. Use when protecting against brute-force attacks, DoS/DDoS mitigation, preventing resource exhaustion, or limiting API abuse. Addresses "Entity absorbs excessive resources" problem.

igbuend

Security anti-pattern for verbose error messages (CWE-209). Use when generating or reviewing code that handles errors, exceptions, or generates user-facing error responses. Detects stack trace exposure and detailed error information leakage to users.

igbuend

Security pattern combining session authentication with authorization. Use when implementing web application security requiring both user authentication via session IDs and authorization checks for resource access. Combines Opaque token-based authentication with Authorisation pattern.

igbuend

Security anti-pattern for insufficient randomness vulnerabilities (CWE-330). Use when generating or reviewing code that creates security tokens, session IDs, encryption keys, nonces, or any security-critical random values. Detects use of Math.random() or predictable seeds.

igbuend

Security anti-pattern for mass assignment vulnerabilities (CWE-915). Use when generating or reviewing code that creates or updates objects from user input, form handling, or API request processing. Detects uncontrolled property binding enabling privilege escalation.

igbuend

Security anti-pattern for LDAP injection vulnerabilities (CWE-90). Use when generating or reviewing code that constructs LDAP filters, queries directory services, or handles user input in LDAP operations. Detects unescaped special characters in LDAP filters.

igbuend

Security anti-pattern for excessive data exposure (CWE-200). Use when generating or reviewing API responses, database queries, or data serialization. Detects returning more data than necessary including internal fields, sensitive attributes, and related records.

igbuend