security-checklist
This skill should be used for OWASP, security review, authentication, XSS, SQL injection prevention, CSRF, input validation, secure coding, vulnerability scanning
Installer
git clone https://github.com/Zate/cc-plugins /tmp/cc-plugins && cp -r /tmp/cc-plugins/plugins/devloop/skills/security-checklist ~/.claude/skills/cc-plugins/
Run this command in your terminal to install the skill.
SKILL.md
name: security-checklist
description: This skill should be used for OWASP, security review, authentication, XSS, SQL injection prevention, CSRF, input validation, secure coding, vulnerability scanning
whenToUse: Security review, auth security, vulnerability prevention, input validation, secure coding, OWASP Top 10, penetration testing prep, security audit
whenNotToUse: Non-security code review, general code quality
seeAlso:
- skill: api-design
  when: securing API endpoints
- skill: database-patterns
  when: SQL injection prevention
Security Checklist
Security review checklist based on OWASP Top 10.
Input Validation
- Validate all user input on the server side, against an allow-list where possible; client-side checks are usability only
- Use parameterized queries (prepared statements); never concatenate user input into SQL
- Encode output for the context it lands in (HTML body, attribute, JavaScript, URL) to prevent XSS; sanitize only where HTML input is genuinely required
- Validate file uploads (size limit, type determined from the file content rather than the extension or client-supplied Content-Type) and store them outside the web root
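The three checks above as runnable code. This is an added example written for this page, not code from the cc-plugins repository: it pairs a deliberately vulnerable query and template with their safe forms, and validates an upload by size and magic bytes. The in-memory sqlite table, the two accepted image types and the 2 MiB limit are constructed for the example.

```python
import html
import sqlite3

# Constructed in-memory table standing in for the application database.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    db.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return db

def find_user_vulnerable(db, name):
    # Vulnerable on purpose: the input is spliced into the statement text.
    return db.execute(f"SELECT id, name FROM users WHERE name = '{name}'").fetchall()

def find_user_safe(db, name):
    # Parameterized: the driver sends the value separately, so it is never parsed as SQL.
    return db.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()

def render_greeting_vulnerable(name):
    # Vulnerable on purpose: untrusted text dropped straight into HTML.
    return f"<p>Hello, {name}</p>"

def render_greeting_safe(name):
    # Encoding for an HTML text node; quote=True also makes it safe inside a quoted attribute.
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"

# Allow-list of accepted image types, recognised by their leading bytes (magic numbers),
# with the extensions each may carry. The list is an assumption for the example.
MAGIC_NUMBERS = {
    b"\x89PNG\r\n\x1a\n": ("png", {"png"}),
    b"\xff\xd8\xff": ("jpeg", {"jpg", "jpeg"}),
}
MAX_UPLOAD_BYTES = 2 * 1024 * 1024

def validate_upload(filename, data, max_size=MAX_UPLOAD_BYTES):
    """Return (ok, detail): size first, then content, then extension-vs-content agreement."""
    if len(data) > max_size:
        return False, "too large"
    detected = next((v for magic, v in MAGIC_NUMBERS.items() if data.startswith(magic)), None)
    if detected is None:
        return False, "unrecognized content"
    kind, allowed_exts = detected
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in allowed_exts:
        return False, "extension does not match content"
    return True, kind

if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, payload))   # every row comes back
    print("safe:      ", find_user_safe(db, payload))         # no row has that literal name
    print(render_greeting_safe("<script>alert(1)</script>"))
    print(validate_upload("avatar.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16))
    print(validate_upload("shell.php", b"<?php echo 1; ?>"))
```

The same `' OR '1'='1` input returns both rows from the concatenated query and none from the parameterized one, which is the whole point: with a bound parameter the quote is data, not syntax. Note that `html.escape` is only correct for HTML body and attribute contexts; a value placed inside a `<script>` block or a URL needs that context's encoder.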
Authentication
- Hash passwords with a slow, salted password hash (argon2id or bcrypt), never a plain or fast hash
- Use secure session management (long random session IDs; Secure, HttpOnly and SameSite cookie flags; rotate the ID on login; invalidate on logout)
- Rate-limit login, password reset and other authentication endpoints so credential stuffing and brute force are throttled
- Require strong passwords: enforce a minimum length rather than composition rules, and reject known-breached or common passwords
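A worked login path covering the hashing, rate-limiting and password-policy items above. This is an added example, not code from the skill or its repository. It uses `hashlib.scrypt` (a memory-hard KDF in the standard library) in place of the argon2/bcrypt the checklist names, so that it runs without third-party packages; the scrypt parameters, the common-password list and the limit of 3 attempts per 60 seconds are assumptions for the example. The caller passes a monotonic timestamp so the limiter is deterministic.

```python
import hashlib
import hmac
import os
from collections import defaultdict, deque

# Memory-hard KDF parameters (16 MiB). Stand-in for argon2id/bcrypt so the example is stdlib-only.
SCRYPT_PARAMS = {"n": 2 ** 14, "r": 8, "p": 1}

def hash_password(password: str) -> str:
    salt = os.urandom(16)                                   # fresh per-user salt
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return f"scrypt${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    _, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex), **SCRYPT_PARAMS)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))   # constant-time compare

# Constructed denylist; a real deployment checks a breached-password corpus instead.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password123"}

def password_policy_ok(password: str, min_length: int = 12) -> bool:
    # Length is the main lever; composition rules add little and push users to predictable patterns.
    return len(password) >= min_length and password.lower() not in COMMON_PASSWORDS

class SlidingWindowLimiter:
    """Allow at most `limit` events per `key` within any `window` seconds."""
    def __init__(self, limit: int, window: float):
        self.limit, self.window = limit, window
        self.events = defaultdict(deque)

    def allow(self, key: str, now: float) -> bool:
        q = self.events[key]
        while q and q[0] <= now - self.window:              # expire events outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

# Hashed once, so a login for an unknown user costs the same time as one for a known user.
DUMMY_HASH = hash_password("not-a-real-password")

def login(store: dict, limiter: SlidingWindowLimiter, username: str, password: str, now: float) -> str:
    """Returns 'locked', 'denied' or 'ok'. `store` maps username -> stored hash."""
    if not limiter.allow(username, now):
        return "locked"
    stored = store.get(username, DUMMY_HASH)
    ok = verify_password(password, stored) and username in store
    return "ok" if ok else "denied"
```

Two details worth copying: the limiter is consulted before the expensive hash, so an attacker cannot use the login endpoint to burn CPU, and the "locked" answer is returned even when the password is correct. Keying the limiter on the username alone lets an attacker lock a victim out, so production code usually keys on username plus client address and prefers increasing delays to hard lockouts.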
Authorization
- Check permissions on every request, server-side; hiding a button in the UI is not an access control
- Apply the principle of least privilege to users, service accounts and database roles
- Validate that the caller owns (or is otherwise entitled to) the specific resource before acting on it, so that swapping an ID in the request does not expose someone else's data
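The authorization items as a single deny-by-default check that runs on every request. This is an added example, not code from the skill; the roles, the permission table and the two documents are constructed for it.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    id: int
    role: str

@dataclass(frozen=True)
class Document:
    id: int
    owner_id: int

# Least privilege: each role gets only the actions it needs. Anything not listed is denied.
ROLE_PERMISSIONS = {
    "admin": {"read", "update", "delete"},
    "user": {"read", "update"},
}

def authorize(user, action: str, doc: Document) -> bool:
    """Deny by default: the role must permit the action AND the caller must own the resource
    (admins are exempt from the ownership rule)."""
    if user is None:
        return False
    if action not in ROLE_PERMISSIONS.get(user.role, set()):
        return False
    if user.role == "admin":
        return True
    return doc.owner_id == user.id

# Constructed data store.
DOCS = {1: Document(id=1, owner_id=10), 2: Document(id=2, owner_id=20)}

def handle_request(user, action: str, doc_id: int) -> int:
    """Request handler: look the resource up, then authorize against the actual object."""
    doc = DOCS.get(doc_id)
    if doc is None or not authorize(user, action, doc):
        # One status for both "not found" and "not yours" so IDs cannot be enumerated.
        return 404
    return 200
```

The check runs against the loaded object, not against the ID in the URL, which is what catches the "change the number in the request" class of bug.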
Data Protection
- Use HTTPS everywhere: redirect HTTP to HTTPS and send Strict-Transport-Security
- Don't log sensitive data (passwords, tokens, session IDs, card numbers); redact before the line is written
- Encrypt sensitive data at rest, with keys held in a key management service rather than alongside the data
- No secrets in source code or version control; load them from the environment or a secrets manager
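The "don't log sensitive data" item is easiest to enforce in one place: a logging filter that redacts the fully formatted message before any handler sees it. This is an added example, not code from the skill. The redaction patterns are assumptions chosen to cover bearer tokens, `key=value` credentials and 16-digit card numbers; extend them for the identifiers your application handles. The log lines used below are constructed.

```python
import io
import logging
import re

# (pattern, replacement) pairs applied to every log line. Constructed for the example.
REDACTIONS = [
    (re.compile(r"(?i)(authorization:\s*bearer\s+)\S+"), r"\1[REDACTED]"),
    (re.compile(r"(?i)((?:password|passwd|token|secret|api[_-]?key)=)[^&\s]+"), r"\1[REDACTED]"),
    (re.compile(r"\b(?:\d[ -]?){12}(\d{4})\b"), r"****-****-****-\1"),  # card numbers, last 4 kept
]

def redact(text: str) -> str:
    for pattern, replacement in REDACTIONS:
        text = pattern.sub(replacement, text)
    return text

class RedactingFilter(logging.Filter):
    """Redacts the formatted message, so secrets passed as %-args are caught as well as
    secrets embedded in the format string."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True

def make_logger(name: str = "app", stream=None) -> logging.Logger:
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.addFilter(RedactingFilter())
    return logger

def capture_log(message: str, *args) -> str:
    """Log one line through the redacting logger and return what was written."""
    stream = io.StringIO()
    make_logger("app.redacted", stream).info(message, *args)
    return stream.getvalue().rstrip("\n")

if __name__ == "__main__":
    log = make_logger()
    log.info("login failed for %s with token=%s", "bob", "s3cr3t")
    log.info("GET /api Authorization: Bearer eyJhbGciOi.payload.sig")
    log.info("card 4111 1111 1111 1111 charged")
```

Redacting `record.getMessage()` rather than `record.msg` matters: with `logger.info("token=%s", token)` the secret is in the arguments, not the format string, and a filter that only touches `msg` would pass it through. Pattern-based redaction is a safety net, not a substitute for not passing secrets to the logger in the first place.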
Headers
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000
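A checker that reports which of the four headers above are missing or weakened in a response, useful as a test in CI or against a captured response. This is an added example, not part of the skill. The list of CSP sources treated as risky and the finding strings are assumptions for the example; the header names and values are the checklist's own. Header names are matched case-insensitively, as HTTP requires.

```python
import re

# The header set from the checklist.
SECURE_HEADERS = {
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Strict-Transport-Security": "max-age=31536000",
}

# Sources that defeat the policy's XSS protection when they appear in default-src or script-src.
RISKY_CSP_SOURCES = {"*", "'unsafe-inline'", "'unsafe-eval'", "data:", "http:", "https:"}

def parse_csp(value: str) -> dict:
    """\"default-src 'self'; script-src 'self' cdn.example\" -> {'default-src': [\"'self'\"], ...}"""
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives

def check_security_headers(headers: dict, min_hsts_age: int = 31536000) -> list:
    """Return a list of findings; an empty list means every checklist header is present and sane."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("missing Content-Security-Policy")
    else:
        directives = parse_csp(csp)
        if "default-src" not in directives:
            findings.append("CSP has no default-src fallback")
        for directive in ("default-src", "script-src"):
            for source in directives.get(directive, []):
                if source.lower() in RISKY_CSP_SOURCES:
                    findings.append(f"CSP {directive} permits {source}")

    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options must be nosniff")

    if h.get("x-frame-options", "").strip().upper() not in {"DENY", "SAMEORIGIN"}:
        findings.append("X-Frame-Options must be DENY or SAMEORIGIN")

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        m = re.search(r"max-age\s*=\s*(\d+)", hsts, re.IGNORECASE)
        if not m:
            findings.append("Strict-Transport-Security has no max-age")
        elif int(m.group(1)) < min_hsts_age:
            findings.append(f"Strict-Transport-Security max-age {m.group(1)} is below {min_hsts_age}")
    return findings

if __name__ == "__main__":
    print(check_security_headers(SECURE_HEADERS))   # []
    print(check_security_headers({"Content-Security-Policy": "default-src * 'unsafe-inline'",
                                  "Strict-Transport-Security": "max-age=300"}))
```

Two caveats the checklist values leave implicit: a CSP `default-src 'self'` also blocks inline scripts and styles, so it only holds up if the application has none (or uses nonces); and HSTS only takes effect after a browser has seen it over a valid HTTPS connection, so the HTTP-to-HTTPS redirect still has to be in place. `includeSubDomains` on the HSTS header is worth adding once every subdomain serves HTTPS.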
Common Vulnerabilities
| Vuln | Prevention |
|---|---|
| SQL Injection | Parameterized queries / prepared statements; never build SQL by string concatenation |
| XSS | Context-aware output encoding, backed by a restrictive Content-Security-Policy |
| CSRF | Per-session CSRF tokens verified on every state-changing request; SameSite cookies as defense in depth |
| Secrets | Environment variables or a secrets manager; never committed to source control |
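The CSRF row deserves a worked example, since it is the one entry in the table whose prevention is a small protocol rather than a library call. This is an added example, not code from the skill: the server issues a token that is an HMAC over the session ID, an issue time and a nonce, and a state-changing handler accepts a request only if the token verifies against the caller's own session and is not stale. The signing key, the one-hour lifetime and the `handle_transfer` endpoint are assumptions for the example; the key is generated per process here and in practice comes from the environment or a secrets manager, per the Secrets row.

```python
import hashlib
import hmac
import os
import secrets
import time

# Server-side signing key. Generated here for the example; never embed one in source.
SERVER_KEY = os.urandom(32)

def _sign(session_id: str, issued_at: str, nonce: str, key: bytes) -> str:
    msg = f"{session_id}|{issued_at}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def issue_csrf_token(session_id: str, now: float = None, key: bytes = SERVER_KEY) -> str:
    """Token bound to the caller's session; another origin cannot read or forge it."""
    issued_at = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(8)
    return f"{issued_at}.{nonce}.{_sign(session_id, issued_at, nonce, key)}"

def verify_csrf_token(token: str, session_id: str, now: float = None,
                      max_age: int = 3600, key: bytes = SERVER_KEY) -> bool:
    parts = token.split(".")
    if len(parts) != 3 or not parts[0].isdigit():
        return False
    issued_at, nonce, sig = parts
    expected = _sign(session_id, issued_at, nonce, key)
    if not hmac.compare_digest(sig.encode(), expected.encode()):   # constant-time compare
        return False
    current = time.time() if now is None else now
    return 0 <= current - int(issued_at) <= max_age

def handle_transfer(form: dict, session_id: str, method: str = "POST", now: float = None) -> int:
    """State-changing endpoint: POST only, and the token must verify for this session."""
    if method != "POST":
        return 405
    if not verify_csrf_token(form.get("csrf_token", ""), session_id, now):
        return 403
    # ... perform the transfer ...
    return 200

if __name__ == "__main__":
    token = issue_csrf_token("sess-A")
    print(handle_transfer({"csrf_token": token}, "sess-A"))   # 200
    print(handle_transfer({"csrf_token": token}, "sess-B"))   # 403: token is bound to sess-A
    print(handle_transfer({}, "sess-A"))                       # 403: no token
```

Binding the token to the session ID (not just to the user) means a token captured from one login cannot be replayed against another session of the same account, and rejecting anything but POST keeps GET handlers from ever changing state. The SameSite cookie attribute from the table stops most cross-site form posts before the token is even checked, but it is browser-dependent, so the token check stays.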
Repository: Zate/cc-plugins/plugins/devloop/skills/security-checklist
Author: Zate