security-best-practices
Comprehensive security hardening for web applications covering HTTPS, input validation, authentication, and OWASP Top 10 vulnerabilities.
- Enforces HTTPS, security headers (CSP, HSTS), and rate limiting via Helmet and Express middleware to prevent DDoS and common attacks
- Prevents SQL Injection and XSS through parameterized queries, input validation with Joi, and output encoding with DOMPurify
- Implements CSRF token protection, JWT-based authentication with refresh token rotation, and secret management via environment variables
- Includes OWASP Top 10 checklist and best practices for access control, defense in depth, and principle of least privilege
Security Best Practices
When to use this skill
- New project: consider security from the start
- Security audit: inspect and fix vulnerabilities
- Public API: harden APIs accessible externally
- Compliance: comply with GDPR, PCI-DSS, etc.
Instructions
Step 1: Enforce HTTPS and security headers
Express.js security middleware:
import express from 'express';
import helmet from 'helmet';
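As an added example that is not the skill's own code, the following dependency-free Express-style middleware implements the three Step 1 controls (HTTPS enforcement, HSTS/CSP headers, rate limiting) so they can run offline; in the skill itself the header set is what helmet() configures, and a production limiter would normally come from a package rather than be hand-written.

```javascript
// Added example, not the skill's own code: dependency-free Express-style
// (req, res, next) middleware for the Step 1 controls. In the skill itself the
// header set is what helmet() configures; these versions run offline for testing.
const SECURITY_HEADERS = {
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'Content-Security-Policy': "default-src 'self'; object-src 'none'; frame-ancestors 'none'",
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'DENY',
  'Referrer-Policy': 'no-referrer',
};

// Redirect plain-HTTP requests to HTTPS. Behind a TLS-terminating proxy the
// original scheme arrives in X-Forwarded-Proto, so honour it when present.
function enforceHttps(req, res, next) {
  const proto = req.headers['x-forwarded-proto'] || (req.secure ? 'https' : 'http');
  if (proto !== 'https') {
    res.writeHead(301, { Location: `https://${req.headers.host}${req.url}` });
    res.end();
    return;
  }
  next();
}

// Set the hardening headers on every response; HSTS is only honoured over HTTPS,
// which is why enforceHttps sits before it in the chain.
function securityHeaders(req, res, next) {
  for (const [name, value] of Object.entries(SECURITY_HEADERS)) res.setHeader(name, value);
  next();
}

// Fixed-window limiter keyed by client IP: at most `max` requests per `windowMs`.
// `now` is injectable so tests can drive the window with a fake clock.
function rateLimit({ windowMs, max, now = Date.now }) {
  const hits = new Map();
  return (req, res, next) => {
    const t = now();
    const entry = hits.get(req.ip);
    if (!entry || t - entry.start >= windowMs) {
      hits.set(req.ip, { start: t, count: 1 });
    } else if (++entry.count > max) {
      res.writeHead(429, { 'Retry-After': String(Math.ceil((entry.start + windowMs - t) / 1000)) });
      res.end();
      return;
    }
    next();
  };
}

// Typical wiring: app.use(enforceHttps, securityHeaders, rateLimit({ windowMs: 60000, max: 100 }))
```

Only trust X-Forwarded-Proto when the app sits behind a proxy you control (Express's `trust proxy` setting covers the same concern), otherwise a client can set it to skip the redirect.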