security-hardening

Original：🇺🇸 English

Translated

5 scripts

Security hardening and secure coding practices. Use when user asks to "harden security", "secure coding", "OWASP vulnerabilities", "input validation", "sanitization", "SQL injection prevention", "XSS protection", "CORS security", "secure headers", "vulnerability scanning", or mentions security best practices and threat mitigation.

1installs

Source1mangesh1/dev-skills-collection

Added on2026-02-21

NPX Install

npx skill4agent add 1mangesh1/dev-skills-collection security-hardening

SKILL.md Content

View Translation Comparison →

Security Hardening & Secure Coding

Comprehensive security hardening and secure coding practices to prevent common vulnerabilities.

OWASP Top 10 (2021)

1. Broken Access Control

Implement proper authorization
Use role-based access control (RBAC)
Verify permissions on every request

2. Cryptographic Failures

Use strong encryption (AES-256)
Protect sensitive data in transit (TLS)
Never hardcode secrets

3. Injection

Use parameterized queries for SQL
Validate and sanitize all inputs
Use ORM frameworks

4. Insecure Design

Threat modeling during design
Secure by default principles
Regular security reviews

5. Security Misconfiguration

Keep dependencies updated
Remove default credentials
Disable unnecessary features

6. Vulnerable Components

Regular dependency audits
Use vulnerability scanning tools
Keep frameworks and libraries updated

7. Authentication & Session Failures

Strong password policies
Multi-factor authentication
Secure session management

8. Software & Data Integrity Failures

Verify package integrity
Use signed commits
Implement secure CI/CD

9. Logging & Monitoring Failures

Log security events
Monitor for suspicious activity
Regular security audits

10. SSRF

Validate URLs and redirects
Restrict outbound requests
Network-level controls

Secure Coding Practices

Input Validation

javascript

// Bad
const id = req.query.id;
const user = db.query(`SELECT * FROM users WHERE id = ${id}`);

// Good
const id = parseInt(req.query.id, 10);
if (!Number.isInteger(id) || id < 1) {
  throw new Error('Invalid ID');
}
const user = db.query('SELECT * FROM users WHERE id = ?', [id]);

Output Encoding