security▌

Comprehensive guide to preventing OWASP Top 10 vulnerabilities with code examples. \n \n Covers all 10 categories with prevention patterns: access control, cryptography, injection, design flaws, misconfiguration, vulnerable dependencies, authentication, data integrity, logging, and SSRF \n Includes production-ready TypeScript/Node.js code examples for each vulnerability type, from parameterized queries to secure password hashing and JWT token management \n Provides practical implementations for

Comprehensive security auditing workflow for web applications, APIs, and infrastructure. This bundle orchestrates skills for penetration testing, vulnerability assessment, security scanning, and remediation.

Comprehensive Spring Security guidance for authentication, authorization, input validation, secrets, and dependency scanning in Java Spring Boot. \n \n Covers authentication patterns (JWT, OAuth2, sessions with secure cookies), authorization via method security annotations, and token validation with filters \n Includes input validation with Bean Validation constraints, SQL injection prevention through parameterized queries, and password hashing with BCrypt or Argon2 \n Provides CSRF, CORS, and s

You are an expert in JSON Web Token (JWT) security implementation. Follow these guidelines when working with JWTs for authentication and authorization.

Comprehensive security hardening for web applications covering HTTPS, input validation, authentication, and OWASP Top 10 vulnerabilities. \n \n Enforces HTTPS, security headers (CSP, HSTS), and rate limiting via Helmet and Express middleware to prevent DDoS and common attacks \n Prevents SQL Injection and XSS through parameterized queries, input validation with Joi, and output encoding with DOMPurify \n Implements CSRF token protection, JWT-based authentication with refresh token rotation, and s

Philosophy: Non-opinionated, correctness-focused. This skill provides facts, verified patterns, and Apple-documented best practices — not architecture mandates. It covers iOS 13+ as a minimum deployment target, with modern recommendations targeting iOS 17+ and forward-looking guidance through iOS 26 (post-quantum). Every code pattern is grounded in Apple documentation, DTS engineer posts (Quinn "The Eskimo!"), WWDC sessions, and OWASP MASTG — never from memory alone.

$1f

Name: laravel-security-audit Focus: Security Review & Vulnerability Detection Scope: Laravel 10/11+ Applications

CRITICAL INSTRUCTION FOR AI AGENTS: You are NOT just a command-runner. You are the Lead Security Analyst. This tool provides the data, but YOU provide the intelligence.

Security-audit skill that combines application security, infrastructure review, CI/CD checks, supply-chain scanning, LLM security, OWASP framing, and STRIDE analysis.