Security, QA & Best Practices Skill
Quick Start - Secure Authentication
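```javascript
import bcrypt from 'bcrypt';
import jwt from 'jsonwebtoken';

// Hash password (10 is the bcrypt cost factor; the salt is generated and stored inside the hash)
const password = 'user_password';
const hash = await bcrypt.hash(password, 10);

// Verify password
const isValid = await bcrypt.compare(password, hash);

// Issue JWT
const token = jwt.sign(
  { userId: 1, email: 'user@example.com' },
  process.env.JWT_SECRET,
  { expiresIn: '24h', algorithm: 'HS256' }
);

// Verify JWT: throws if the signature is invalid or the token has expired.
// Pin the accepted algorithm to the one used when signing.
const decoded = jwt.verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] });
```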
Core Technologies
Security Tools
- Burp Suite
- OWASP ZAP
- Snort/Suricata
- Nmap
Testing Frameworks
- Selenium / Cypress
- Jest / pytest
- JMeter / Gatling
- Postman / Insomnia
Code Quality
- SonarQube
- ESLint / Prettier
- Pylint / Black
Best Practices
- OWASP Top 10 - Know and prevent vulnerabilities
- Secure Coding - Input validation, parameterized queries
- Testing - Unit, integration, and E2E tests
- Code Review - Peer review process
- Monitoring - Continuous security monitoring
- Compliance - GDPR, HIPAA, PCI-DSS
- Incident Response - Clear procedures
- Documentation - Security policies