Security

Overview

Security is a cross-cutting concern that spans every layer of software development, from design through deployment and operations. Rather than being confined to a single language or framework, security principles such as defense in depth, least privilege, and secure defaults apply universally. This skill serves as the root entry point for all security-related guidance, organizing sub-skills around the major domains of application security: standards compliance (OWASP), threat modeling, authentication and authorization, cryptography, API security, input validation, data protection, supply chain integrity, security testing, logging and monitoring, secure SDLC practices, and the emerging field of AI security. Use this skill to navigate the security landscape and identify which specialized sub-skill addresses your specific concern.

Knowledge Map

+-----------------------------------------------------------------------+
|                     Governance & Compliance                           |
|            (Secure SDLC, Policies, Standards, Regulations)            |
+-----------------------------------------------------------------------+
|                       Application Security                            |
|  +-------------+  +-----------+  +--------------+  +---------------+  |
|  +--------+  +--------+  +-----------+  +-----------+  +--------+     |
|  |  Auth   |  | Crypto |  |Input/Output|  |API Security|  |Hygiene |     |
|  |(AuthN/Z)|  |(TLS,HE)|  |(Validate) |  |(REST,GQL) |  |(Trust  |     |
|  +--------+  +--------+  +-----------+  +-----------+  |Boundaries)|  |