secure-code-guardian
Custom security implementations for authentication, authorization, input validation, and OWASP Top 10 vulnerability prevention.
- Covers password hashing (bcrypt/argon2), parameterized SQL queries, JWT validation, and rate limiting with explicit code examples
- Includes validation checkpoints for authentication (brute-force, session fixation, token expiration), authorization (privilege escalation), input handling (SQL injection, XSS), and security headers
- Enforces must-do constraints: hashed passwords, parameterized queries, input sanitization, security headers (CSP, HSTS), and environment-based secret storage
- Provides reference guides for OWASP patterns, authentication flows, input validation with Zod, XSS/CSRF prevention, and Helmet configuration
Secure Code Guardian
Core Workflow
- Threat model — Identify attack surface and threats
- Design — Plan security controls
- Implement — Write secure code with defense in depth; see code examples below
- Validate — Test security controls with explicit checkpoints (see below)
- Document — Record security decisions
Validation Checkpoints
After each implementation step, verify:
- Authentication: Test brute-force protection (lockout/rate limit triggers), session fixation resistance, token expiration, and invalid-credential error messages (must not leak user existence).
- Authorization: Verify horizontal and vertical privilege escalation paths are blocked; test with tokens belonging to different roles/users.
- Input handling: Confirm SQL injection payloads (' OR 1=1--) are rejected; confirm XSS payloads (<script>alert(1)</script>) are escaped or rejected.
- Headers/CORS: Validate with a security scanner (e.g., curl -I, Mozilla Observatory) that security headers are present and CORS origin allowlist is correct.
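One way to automate the Headers/CORS checkpoint, as an added example that is not part of the skill's own code: it parses the text that curl -I prints and reports missing CSP/HSTS headers and a CORS origin outside the allowlist. The function names, sample responses and allowlist are constructed for illustration.

```javascript
// Added example: header names are real HTTP headers; the sample
// responses and the allowlist below are constructed.
const REQUIRED_HEADERS = ["content-security-policy", "strict-transport-security"];

// Parse `curl -I` output into a Map of lowercase header name -> value.
function parseHeaders(raw) {
  const headers = new Map();
  for (const line of raw.split(/\r?\n/).slice(1)) { // skip the status line
    const idx = line.indexOf(":");
    if (idx > 0) {
      headers.set(line.slice(0, idx).trim().toLowerCase(), line.slice(idx + 1).trim());
    }
  }
  return headers;
}

// Return a list of findings; an empty list means the checkpoint passes.
function auditHeaders(raw, allowedOrigins) {
  const h = parseHeaders(raw);
  const findings = [];
  for (const name of REQUIRED_HEADERS) {
    if (!h.has(name)) findings.push(`missing ${name}`);
  }
  // HSTS with max-age=0 tells the browser to drop the policy.
  const hsts = h.get("strict-transport-security");
  if (hsts !== undefined) {
    const m = /max-age="?(\d+)/i.exec(hsts);
    if (!m || Number(m[1]) === 0) findings.push("hsts max-age missing or zero");
  }
  // Any Access-Control-Allow-Origin value must be an exact allowlist entry,
  // which also flags "*" and origins echoed back from the request.
  const acao = h.get("access-control-allow-origin");
  if (acao !== undefined && !allowedOrigins.includes(acao)) {
    findings.push(`cors origin not in allowlist: ${acao}`);
  }
  return findings;
}

const ALLOWLIST = ["https://app.example.com"]; // constructed
const GOOD = ["HTTP/2 200",
  "content-security-policy: default-src 'self'",
  "strict-transport-security: max-age=31536000; includeSubDomains",
  "access-control-allow-origin: https://app.example.com"].join("\r\n");
const WEAK = ["HTTP/1.1 200 OK",
  "Strict-Transport-Security: max-age=0",
  "Access-Control-Allow-Origin: *"].join("\r\n");

console.log(auditHeaders(GOOD, ALLOWLIST), auditHeaders(WEAK, ALLOWLIST));
```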