Security

This skill provides universal security guidelines and OWASP Top 10 best practices applicable to any technology stack.

See @REFERENCE.md for detailed documentation.

Quick Reference

• Validation: Always server-side, never trust client input
• Queries: Parameterized only (no SQL concatenation)
• Passwords: Hash with bcrypt/Argon2 (never MD5/SHA1)
• Secrets: Environment variables or vault (never in code)
• Headers: CSP, X-Frame-Options, HSTS, nosniff