Security
This skill provides guidance on writing secure code and identifying security vulnerabilities during code review.
Core Principles
- Defense in Depth: Layer multiple security controls; don't rely on a single defense
- Least Privilege: Grant minimum permissions necessary for functionality
- Don't Trust Input: Validate and sanitize all external input
- Keep It Simple: Complex code is harder to secure
- Fail Secure: When errors occur, fail closed rather than open
OWASP Top 10 (2025)
The OWASP Top 10 represents the most critical web application security risks.
A01: Broken Access Control
Failures in enforcing what authenticated users are allowed to do.
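As an added example (not part of the original skill text), the A01 failure in Python: a handler that authenticates the caller but never authorizes the object access, beside a hardened version that centralises the decision and fails closed. The users, documents and in-memory store are constructed for illustration.

```python
# Added example: OWASP A01 Broken Access Control, vulnerable handler beside
# a hardened one. Users, documents and the store are constructed sample data.
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: str
    role: str  # "user" or "admin"


@dataclass(frozen=True)
class Document:
    doc_id: int
    owner_id: str
    body: str


# Constructed sample data: two users, each owning one private document.
DOCUMENTS = {
    1: Document(1, "alice", "alice's private notes"),
    2: Document(2, "bob", "bob's private notes"),
}


class Forbidden(Exception):
    """Raised when the caller is not allowed to access the requested object."""


def get_document_vulnerable(current_user: User, doc_id: int) -> Document:
    # The caller is authenticated, but the handler never checks who owns the
    # record: any logged-in user can read any document by supplying its id.
    return DOCUMENTS[doc_id]


def can_read(current_user: User, doc: Document) -> bool:
    # One authorization decision in one place: the owner or an admin, nothing else.
    return doc.owner_id == current_user.user_id or current_user.role == "admin"


def get_document_hardened(current_user: User, doc_id: int) -> Document:
    # Fail closed: a missing record and a forbidden record look identical to
    # the caller, so the check also does not reveal which ids exist.
    doc = DOCUMENTS.get(doc_id)
    if doc is None or not can_read(current_user, doc):
        raise Forbidden(f"user {current_user.user_id} may not read document {doc_id}")
    return doc
```

The object-level check belongs next to the data access, not in the UI layer, so every code path that reaches a document goes through it.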