web-security-hardening
Web Security Hardening
Security audit checklist for web applications. Run through each item when reviewing or building web apps.
Audit Workflow
- Identify the framework (Node.js/Express, Python/Django/Flask, etc.)
- Review each checklist item below
- For implementation details, see the framework-specific references:
  - Node.js/Express: see references/nodejs.md
  - Python/Django/Flask: see references/python.md
- For production deployments, see references/production-gcp.md for an extended checklist covering:
  - GCP infrastructure (IAM, networking, secrets)
  - CI/CD pipeline security
  - Monitoring & incident response
- Report findings with severity and remediation steps
Security Checklist