secure-development
Installation
SKILL.md
Secure Development Skill
Purpose
This skill ensures all code development follows security-by-design principles as defined in the Hack23 ISMS Secure Development Policy. It applies to all software development activities including web applications, APIs, infrastructure code, and scripts.
Rules
Input Validation
MUST:
- Validate ALL user input at the point of entry (server-side validation is mandatory)
- Use allowlist validation (define what IS allowed, not what ISN'T)
- Validate data type, length, format, and range
- Encode output before rendering to prevent XSS
- Sanitize input before use in queries, commands, or file operations
- Reject invalid input with clear error messages (without exposing system details)