AI Skills
security-practices

security-practices

Master secure development, OWASP top 10, testing, and compliance. Use when building secure systems, conducting security reviews, or implementing best practices.

1Star
0Fork
更新于 1/5/2026
获取 Skill源代码
SKILL.md
readonly只读
name
security-practices
description

Master secure development, OWASP top 10, testing, and compliance. Use when building secure systems, conducting security reviews, or implementing best practices.

Security, QA & Best Practices Skill

Quick Start - Secure Authentication

import bcrypt from 'bcrypt';
import jwt from 'jsonwebtoken';

// Hash password
const password = 'user_password';
const hash = await bcrypt.hash(password, 10);

// Verify password
const isValid = await bcrypt.compare(password, hash);

// Issue JWT
const token = jwt.sign(
  { userId: 1, email: 'user@example.com' },
  process.env.JWT_SECRET,
  { expiresIn: '24h', algorithm: 'HS256' }
);

// Verify JWT
const decoded = jwt.verify(token, process.env.JWT_SECRET);

Core Technologies

Security Tools

  • Burp Suite
  • OWASP ZAP
  • Snort/Suricata
  • Nmap

Testing Frameworks

  • Selenium / Cypress
  • Jest / pytest
  • JMeter / Gatling
  • Postman / Insomnia

Code Quality

  • SonarQube
  • ESLint / Prettier
  • Pylint / Black

Best Practices

  1. OWASP Top 10 - Know and prevent vulnerabilities
  2. Secure Coding - Input validation, parameterized queries
  3. Testing - Unit, integration, and E2E tests
  4. Code Review - Peer review process
  5. Monitoring - Continuous security monitoring
  6. Compliance - GDPR, HIPAA, PCI-DSS
  7. Incident Response - Clear procedures
  8. Documentation - Security policies

Resources

You Might Also Like

Related Skills

create-pr

create-pr

170Kdev-devops

Creates GitHub pull requests with properly formatted titles that pass the check-pr-title CI validation. Use when creating PRs, submitting changes for review, or when the user says /pr or asks to create a pull request.

n8n-io avatarn8n-io
获取
electron-chromium-upgrade

electron-chromium-upgrade

120Kdev-devops

Guide for performing Chromium version upgrades in the Electron project. Use when working on the roller/chromium/main branch to fix patch conflicts during `e sync --3`. Covers the patch application workflow, conflict resolution, analyzing upstream Chromium changes, and proper commit formatting for patch fixes.

electron avatarelectron
获取
pr-creator

pr-creator

92Kdev-devops

Use this skill when asked to create a pull request (PR). It ensures all PRs follow the repository's established templates and standards.

google-gemini avatargoogle-gemini
获取
clawdhub

clawdhub

87Kdev-devops

Use the ClawdHub CLI to search, install, update, and publish agent skills from clawdhub.com. Use when you need to fetch new skills on the fly, sync installed skills to latest or a specific version, or publish new/updated skill folders with the npm-installed clawdhub CLI.

moltbot avatarmoltbot
获取
tmux

tmux

87Kdev-devops

Remote-control tmux sessions for interactive CLIs by sending keystrokes and scraping pane output.

moltbot avatarmoltbot
获取
create-pull-request

create-pull-request

57Kdev-devops

Create a GitHub pull request following project conventions. Use when the user asks to create a PR, submit changes for review, or open a pull request. Handles commit analysis, branch management, and PR creation using the gh CLI tool.

cline avatarcline
获取