software-security-appsec
Software Security & AppSec — Quick Reference
Production-grade security patterns for building secure applications in Jan 2026. Covers OWASP Top 10:2025 (stable) https://owasp.org/Top10/2025/ plus OWASP API Security Top 10 (2023) https://owasp.org/API-Security/ and secure SDLC baselines (NIST SSDF) https://csrc.nist.gov/publications/detail/sp/800-218/final.
When to Use This Skill
Activate this skill when:
- Implementing authentication or authorization systems
- Handling user input that could lead to injection attacks (SQL, XSS, command injection)
- Designing secure APIs or web applications
- Working with cryptographic operations or sensitive data storage
- Conducting security reviews, threat modeling, or vulnerability assessments
- Responding to security incidents or compliance audit requirements
- Building systems that must comply with OWASP, NIST, PCI DSS, GDPR, HIPAA, or SOC 2
- Integrating third-party dependencies (supply chain security review)
- Implementing zero trust architecture or modern cloud-native security patterns
More from vasilyu1983/ai-agents-public
product-management
Founder-PM toolkit for discovery, roadmaps, prioritization, and PMF measurement. Use when planning product strategy, metrics, or roadmaps.
684software-architecture-design
Designs system structure across monolith/microservices/serverless. Use when structuring systems, scaling, decomposing monoliths, or choosing patterns.
519software-ui-ux-design
Designs and audits UI/UX with WCAG 2.2 accessibility. Use when designing flows, running heuristic reviews, or defining design systems.
383qa-testing-playwright
E2E web testing with Playwright. Use when writing tests, debugging flakes, or setting up CI with selectors, sharding, and network mocking.
372document-pdf
Extract text/tables from PDFs, create formatted PDFs, merge/split/rotate, and handle forms. Use for any PDF generation or parsing task.
327qa-testing-strategy
Risk-based test strategy for software delivery. Use when defining coverage, setting CI gates, managing flaky tests, or establishing release criteria.
317