askill: security (Safety 95)

Security patterns, OWASP checks, and vulnerability prevention. Load when reviewing security, handling auth, or checking for vulnerabilities.

0 stars
1.2k downloads
Updated 2/9/2026

SKILL.md

Security

OWASP Top 10 Checklist

| Vulnerability | Check |
|---|---|
| Injection | Parameterized queries, input sanitization |
| Broken Auth | JWT validation, session management |
| Sensitive Data | Encryption, secure transmission |
| XXE | Disable external entities in XML parsers |
| Broken Access | Role-based access control |
| Misconfig | Security headers, default credentials |
| XSS | Output encoding, CSP headers |
| Insecure Deserialization | Validate serialized data |
| Vulnerable Components | Dependency scanning |
| Insufficient Logging | Audit logging, monitoring |

Auth Patterns

```python
# Pattern 1: JWT validation
import os
import jwt
from fastapi import HTTPException

# The signing secret comes from the environment, never from source
# (variable name is an assumption; see Gotchas: "Hardcoded in code")
SECRET_KEY = os.environ["JWT_SECRET_KEY"]

def verify_token(token: str) -> dict:
    try:
        # Pin the accepted algorithm list. PyJWT verifies the signature and
        # rejects an expired "exp" claim itself (ExpiredSignatureError), so a
        # manual utcnow()/fromtimestamp() comparison is unnecessary and was
        # wrong outside UTC (fromtimestamp() returns local time).
        payload = jwt.decode(
            token, SECRET_KEY, algorithms=["HS256"], options={"require": ["exp"]}
        )
        return payload
    except jwt.ExpiredSignatureError:
        raise HTTPException(401, "Token expired")
    except jwt.InvalidTokenError:
        raise HTTPException(401, "Invalid token")
```

```python
# Pattern 2: Password hashing
from passlib.context import CryptContext

# bcrypt with passlib defaults; "deprecated=auto" lets verify() flag hashes
# that should be re-hashed when the scheme list changes
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")

def hash_password(password: str) -> str:
    return pwd_context.hash(password)

def verify_password(plain: str, hashed: str) -> bool:
    return pwd_context.verify(plain, hashed)
```
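To make visible what Pattern 1's `algorithms=["HS256"]` and the `exp` check actually enforce, here is an added, standard-library-only HS256 verifier (example code, not part of the skill; `SECRET` is a constructed value and `sign_hs256` exists only so the verifier can be exercised). It pins the algorithm before touching the signature, compares the MAC in constant time, and checks `exp` against epoch seconds; in an application keep using PyJWT as the pattern does.

```python
# Added example (not from the skill): minimal HS256 verification with the
# standard library, mirroring the checks jwt.decode(..., algorithms=["HS256"]) does.
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

SECRET = b"constructed-demo-secret-do-not-use"  # constructed sample key

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_hs256(claims: dict, key: bytes = SECRET) -> str:
    """Test helper only: issue a token the way an auth server would."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def verify_hs256(token: str, key: bytes = SECRET, now: Optional[float] = None) -> dict:
    """Return the claims or raise ValueError. Three checks, in this order."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
    except ValueError:  # wrong part count, bad base64 or bad JSON
        raise ValueError("malformed token")
    # 1. Algorithm pinning: the header is attacker-controlled, so a header that
    #    says "none" or any other algorithm is rejected before any MAC logic.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # 2. Recompute the MAC over the exact bytes received; constant-time compare.
    signing_input = f"{header_b64}.{body_b64}".encode()
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    # 3. Require "exp" and compare against UTC epoch seconds (no local-time mix-up).
    if "exp" not in claims:
        raise ValueError("missing exp")
    current = now if now is not None else time.time()
    if current >= claims["exp"]:
        raise ValueError("token expired")
    return claims
```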

Input Validation

```python
# Pattern 3: Input sanitization
from pydantic import BaseModel, validator
import re

class UserInput(BaseModel):
    email: str

    @validator('email')
    def validate_email(cls, v):
        # Reject anything that is not roughly user@host.tld, then normalize case
        if not re.match(r'^[\w\.-]+@[\w\.-]+\.\w+$', v):
            raise ValueError('Invalid email format')
        return v.lower()
```

```python
# Pattern 4: SQL injection prevention
from sqlalchemy import select
from sqlalchemy.ext.asyncio import AsyncSession

# NEVER do this: string formatting puts user input into the SQL text itself
# query = f"SELECT * FROM users WHERE id = {user_id}"

# ALWAYS do this: the expression binds user_id as a query parameter, so the
# value can never be parsed as SQL (User is the application's ORM model)
async def get_user(db: AsyncSession, user_id: int):
    result = await db.execute(
        select(User).where(User.id == user_id)
    )
    return result.scalar_one_or_none()
```

Security Headers

```python
# FastAPI security headers middleware
from fastapi import FastAPI, Request

app = FastAPI()

@app.middleware("http")
async def add_security_headers(request: Request, call_next):
    response = await call_next(request)
    response.headers["X-Content-Type-Options"] = "nosniff"   # no MIME sniffing
    response.headers["X-Frame-Options"] = "DENY"             # clickjacking
    # Legacy header: current browsers ignore it; CSP is the effective XSS control
    response.headers["X-XSS-Protection"] = "1; mode=block"
    response.headers["Strict-Transport-Security"] = "max-age=31536000"
    return response
```

Gotchas

| Category | Pattern | Solution |
|---|---|---|
| Secrets | Hardcoded in code | Use environment variables |
| Auth | Token in URL | Use headers or cookies |
| CORS | Wildcard origin | Specify allowed origins |
| Logging | Sensitive data logged | Redact PII from logs |
| Deps | Outdated packages | Regular dependency updates |

Commands

| Task | Command |
|---|---|
| Check deps | pip-audit or npm audit |
| Scan secrets | trufflehog or gitleaks |
| SAST | bandit (Python) or eslint-plugin-security |

Install

Requires askill CLI v1.0+

AI Quality Score

90/100Analyzed 2/23/2026

High-quality security skill with a comprehensive OWASP checklist and practical code patterns for JWT validation, password hashing, input sanitization, and security headers. Includes actionable tool commands for dependency scanning and secret detection. Well-structured with tables and clear examples. Minor deduction for being in a hidden config directory, but the content is generic and reusable. Missing some topics such as CSRF and rate limiting, but otherwise excellent reference material.


Metadata

License: unknown
Version: -
Updated: 2/9/2026
Publisher: goranjovic55

Tags

api, database, observability, security