Security Patterns Skill
Overview
This skill teaches security best practices for Python development, including vulnerability prevention and secure coding patterns.
Principles
- Never Trust User Input: Always validate and sanitize
- Defense in Depth: Multiple layers of security
- Principle of Least Privilege: Minimal access required
- Security by Design: Build security in from the start
Key Capabilities
1. Common Vulnerabilities
- SQL injection prevention
- XSS (Cross-Site Scripting) prevention
- CSRF (Cross-Site Request Forgery) protection
- Input validation and sanitization
- Authentication and authorization
2. Secure Coding
- Password handling (bcrypt)
- Cryptographic operations
- Secure random generation
- Secrets management
3. Security Auditing
- bandit (Python security linter)
- safety (dependency vulnerability checker)
- pip-audit (dependency auditing)
When to Use This Skill
Load this skill when:
- Reviewing code for security vulnerabilities
- Implementing secure authentication
- Adding input validation
- Securing file handling
- Auditing dependencies
Sections
- common-vulnerabilities.md: SQL injection, XSS, CSRF
- secure-coding.md: Password handling, cryptography
- input-validation.md: Validation and sanitization
- security-auditing.md: bandit, safety, pip-audit