ReddRadar
Agent skill
security-implementation-guide
Comprehensive security patterns for authentication, authorization, input validation, and common vulnerability prevention
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/data/security-implementation-guide
Metadata
Additional technical details for this skill
- category
- security
- adapted by
- ai-skills
SKILL.md
Security Implementation Guide
Production-ready security patterns for web applications.
Input Validation
Sanitization
import DOMPurify from 'isomorphic-dompurify';
function sanitizeHTML(dirty: string): string {
return DOMPurify.sanitize(dirty, {
ALLOWED_TAGS: ['b', 'i', 'em', 'strong', 'p'],
ALLOWED_ATTR: []
});
}
// SQL injection prevention - use parameterized queries
const result = await db.query(
'SELECT * FROM users WHERE email = $1',
[email] // Never interpolate directly!
);
XSS Prevention
// React automatically escapes
<div>{userInput}</div> // Safe
// Dangerous - avoid dangerouslySetInnerHTML
<div dangerouslySetInnerHTML={{ __html: sanitizeHTML(userInput) }} />
// Set security headers
app.use(helmet({
contentSecurityPolicy: {
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'", "'unsafe-inline'"],
styleSrc: ["'self'", "'unsafe-inline'"],
}
}
}));
Authentication
Password Hashing
import bcrypt from 'bcrypt'; // allow-secret
async function hashPassword(password: string): Promise<string> { // allow-secret
const saltRounds = 12;
return bcrypt.hash(password, saltRounds); // allow-secret
}
async function verifyPassword(password: string, hash: string): Promise<boolean> { // allow-secret
return bcrypt.compare(password, hash); // allow-secret
}
Rate Limiting
import rateLimit from 'express-rate-limit';
const loginLimiter = rateLimit({
windowMs: 15 * 60 * 1000,
max: 5, // 5 attempts
message: 'Too many login attempts',
standardHeaders: true,
legacyHeaders: false,
});
app.post('/api/login', loginLimiter, loginHandler);
CSRF Protection
import csrf from 'csurf';
const csrfProtection = csrf({ cookie: true });
app.get('/form', csrfProtection, (req, res) => {
res.render('form', { csrfToken: req.csrfToken() });
});
app.post('/process', csrfProtection, (req, res) => {
// Protected endpoint
});
Integration Points
Complements:
- security-threat-modeler: For threat analysis
- backend-implementation-patterns: For secure APIs
- verification-loop: For security checks
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
Didn't find tool you were looking for?