application-security

Secure applications against common vulnerabilities. Use when reviewing code for security, implementing security controls, or hardening applications. Covers OWASP Top 10.

allowed_tools: Read, Glob, Grep

$ 安裝

git clone https://github.com/dralgorhythm/claude-agentic-framework /tmp/claude-agentic-framework && cp -r /tmp/claude-agentic-framework/.claude/skills/security/application-security ~/.claude/skills/claude-agentic-framework

// tip: Run this command in your terminal to install the skill

SKILL.md

View on GitHub →

name: application-security description: Secure applications against common vulnerabilities. Use when reviewing code for security, implementing security controls, or hardening applications. Covers OWASP Top 10. allowed-tools: Read, Glob, Grep

Application Security

OWASP Top 10 (2021)

1. Broken Access Control

Risk: Users accessing unauthorized resources.

Prevention:

Deny by default
Implement RBAC/ABAC
Validate permissions server-side
Log access failures

2. Cryptographic Failures

Risk: Sensitive data exposure.

Prevention:

Encrypt data at rest and in transit
Use strong algorithms (AES-256, RSA-2048+)
Never store passwords in plaintext
Use secure key management

3. Injection

Risk: Malicious input executed as code.

Prevention:

// BAD - SQL injection
const query = `SELECT * FROM users WHERE id = ${userId}`;

// GOOD - Parameterized query
const query = 'SELECT * FROM users WHERE id = $1';
db.query(query, [userId]);

4. Insecure Design

Risk: Missing security controls by design.

Prevention:

Threat modeling
Security requirements
Defense in depth

5. Security Misconfiguration

Risk: Default or weak configuration.

Prevention:

Disable unnecessary features
Remove default credentials
Keep software updated
Harden server configuration

6. Vulnerable Components

Risk: Using libraries with known vulnerabilities.

Prevention:

Regular dependency audits
Keep dependencies updated
Monitor CVE databases

7. Authentication Failures

Risk: Weak or broken authentication.

Prevention:

Multi-factor authentication
Strong password policies
Secure session management
Rate limiting on login

8. Software & Data Integrity

Risk: Untrusted sources for updates.

Prevention:

Verify code signatures
Use SRI for CDN resources
Secure CI/CD pipeline

9. Logging & Monitoring Failures

Risk: Attacks go undetected.

Prevention:

Log security events
Monitor for anomalies
Alert on suspicious activity

10. Server-Side Request Forgery

Risk: Server makes requests to unintended destinations.

Prevention:

Validate URLs
Use allowlists
Block internal IPs

application-security

$ 安裝

name: application-security description: Secure applications against common vulnerabilities. Use when reviewing code for security, implementing security controls, or hardening applications. Covers OWASP Top 10. allowed-tools: Read, Glob, Grep

Application Security

OWASP Top 10 (2021)

1. Broken Access Control

2. Cryptographic Failures

3. Injection

4. Insecure Design

5. Security Misconfiguration

6. Vulnerable Components

7. Authentication Failures

8. Software & Data Integrity

9. Logging & Monitoring Failures

10. Server-Side Request Forgery

Repository

Actions

Related Skills