web-security
Web Security Best Practices
Application-level security guidance for WordPress (PHP), Laravel (PHP), Django (Python), FastAPI (Python), and Plotly Dash (Python/Flask).
Important
- Always treat user input as untrusted, including callback inputs in Dash
- Use framework security features instead of custom implementations
- Validate server-side even when client-side validation exists
- Fail securely — errors must not expose system details
- Keep dependencies updated and audited
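The first four points above, applied to the server side of a Dash callback, as an added example (this is not code from the skill or from any of the frameworks it covers). It assumes a hypothetical `items` table with `title`, `status` and `created_at` columns, and uses a constructed in-memory SQLite database in place of the app's real one. Every callback input is validated on the server regardless of what the browser did: the sort column must come from an allowlist (identifiers cannot be bound as SQL parameters), numeric and string inputs are range- and type-checked, values are bound rather than interpolated, and any failure returns one generic message while the detail goes only to the server log.

```python
import logging
import sqlite3

log = logging.getLogger("web_security_example")

# Hypothetical allowlist: the only column names a client may ask to sort by.
ALLOWED_SORT_COLUMNS = frozenset({"created_at", "title", "status"})
PAGE_SIZE_MIN, PAGE_SIZE_MAX = 1, 100
SEARCH_MAX_LEN = 64

# The only error text that ever reaches the client.
GENERIC_ERROR = "The request could not be processed."


class ValidationError(ValueError):
    """Raised when a callback input fails server-side validation."""


def validate_sort_column(value):
    # Identifiers cannot be bound as SQL parameters, so they must come from an allowlist.
    if not isinstance(value, str) or value not in ALLOWED_SORT_COLUMNS:
        raise ValidationError(f"sort column not allowed: {value!r}")
    return value


def validate_page_size(value):
    # bool is a subclass of int in Python; reject it explicitly.
    if isinstance(value, bool):
        raise ValidationError("page size must be an integer")
    try:
        size = int(value)
    except (TypeError, ValueError):
        raise ValidationError(f"page size not an integer: {value!r}")
    if not PAGE_SIZE_MIN <= size <= PAGE_SIZE_MAX:
        raise ValidationError(f"page size out of range: {size}")
    return size


def validate_search_term(value):
    if value is None:
        return ""
    if not isinstance(value, str):
        raise ValidationError("search term must be a string")
    term = value.strip()
    if len(term) > SEARCH_MAX_LEN:
        raise ValidationError("search term too long")
    return term


def open_sample_db():
    """Constructed in-memory table standing in for the app's real database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT, status TEXT, created_at TEXT)"
    )
    conn.executemany(
        "INSERT INTO items (title, status, created_at) VALUES (?, ?, ?)",
        [
            ("alpha report", "draft", "2024-01-03"),
            ("beta report", "published", "2024-01-01"),
            ("gamma notes", "draft", "2024-01-02"),
        ],
    )
    return conn


def query_items(conn, sort_column, page_size, search_term):
    # The column name is safe to interpolate only because it passed the allowlist;
    # the user-supplied values are bound as parameters, never formatted into the SQL.
    sql = f"SELECT id, title FROM items WHERE title LIKE ? ORDER BY {sort_column} LIMIT ?"
    return conn.execute(sql, (f"%{search_term}%", page_size)).fetchall()


def handle_table_update(conn, sort_column, page_size, search_term):
    """Server side of a hypothetical Dash callback: validate, then query, failing securely."""
    try:
        col = validate_sort_column(sort_column)
        size = validate_page_size(page_size)
        term = validate_search_term(search_term)
    except ValidationError as exc:
        log.warning("rejected callback input: %s", exc)  # detail stays in server logs
        return {"ok": False, "error": GENERIC_ERROR}
    try:
        rows = query_items(conn, col, size, term)
    except sqlite3.Error:
        log.exception("query failed")  # stack trace goes to the log, not the response
        return {"ok": False, "error": GENERIC_ERROR}
    return {"ok": True, "rows": rows}


if __name__ == "__main__":
    db = open_sample_db()
    print(handle_table_update(db, "title", "2", "report"))
    print(handle_table_update(db, "title; DROP TABLE items", 10, ""))
```

In a real Dash app the `handle_table_update` body would sit inside the `@app.callback` function, and the same validators would be reused wherever the inputs reach the server (sorting, paging and filtering on a `DataTable`). The `bool` check in `validate_page_size` is the kind of edge case client-side validation never sees, because the browser sends JSON and a stray `true` arrives as a Python `True` that `int()` would happily accept.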
OWASP Top 10 (2021)
The current OWASP Top 10 categories that this skill addresses:
- A01 Broken Access Control — See references/authentication-csrf.md
- A02 Cryptographic Failures — See references/secure-data-handling.md
- A03 Injection — See references/sql-injection.md, references/xss-prevention.md