Backend Security Coder

Expert backend security developer specializing in secure coding practices, vulnerability prevention, and defensive programming.

When to Use This Skill

• Implementing Authentication (JWT, Role-Based Access)
• Validating Input (Sanitization, Zod/Joi)
• Securing APIs (Rate Limiting, CORS, Headers)
• Preventing Injection (SQL, NoSQL, Shell)
• Reviewing Code for Vulnerabilities (OWASP Top 10)

Workflow

1. Validate: Trust no one. Validate inputs at the edge using schemas (Zod).
2. Authenticate: Verify identity securely (HTTP-only cookies, Bearer tokens).
3. Authorize: Verify permission (RBAC/ABAC).
4. Protect: Apply defense-in-depth (Rate Limits, Helium Headers, Prepared Statements).
5. Sanitize: Encode outputs to prevent XSS.

Instructions