security-patterns_skill

This skill helps you apply OWASP top 10 and secure coding patterns to prevent vulnerabilities and remediate risks.
  • Python

15

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill bejranonda/llm-autonomous-agent-plugin-for-claude --skill security-patterns

  • SKILL.md19.7 KB

Overview

This skill delivers a practical, code-first guide to OWASP security patterns, secure coding principles, vulnerability prevention strategies, and remediation best practices for building secure applications. It focuses on actionable patterns, tested code examples, and developer-friendly guidance so teams can prevent, detect, and fix common security issues early in the SDLC.

How this skill works

The skill inspects common application risks mapped to the OWASP Top 10 and provides secure alternatives with concrete code snippets, test examples, and configuration checklists. It covers access control, cryptography, injection, insecure design, misconfiguration, vulnerable dependencies, and authentication patterns, plus guidance for automated scanning and CI integration.

When to use it

  • During design reviews to apply secure-by-default principles and threat mitigation
  • When implementing authentication, authorization, and session management
  • While hardening APIs, templates, and database access against injection
  • Before release to verify dependency health and security headers
  • In CI pipelines to automate vulnerability scanning and policy enforcement

Best practices

  • Adopt deny-by-default and least-privilege for all access control decisions
  • Use proven crypto libraries, strong KDFs, and cryptographically secure RNGs
  • Validate input types and use parameterized queries or ORMs to prevent injection
  • Pin dependency versions and run automated scanners (pip-audit, SCA) in CI
  • Apply secure defaults for headers, CORS, error handling, and rate limiting

Example use cases

  • Implementing server-side authorization checks for multi-tenant APIs
  • Migrating insecure password storage to bcrypt with proper salt and cost
  • Replacing shell-based commands with validated subprocess calls
  • Configuring Flask/Talisman to enforce CSP, HSTS, and additional security headers
  • Adding pip-audit to a GitHub Actions workflow to block vulnerable dependencies

FAQ

Yes. It provides concise, language-specific snippets (Python) illustrating insecure vs. secure patterns that can be adapted and tested in your codebase.

Can I use the patterns for both web and API services?

Yes. Patterns cover web, API, backend services, and common infrastructure concerns like dependency management and CI-based scanning.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
security-patterns skill by bejranonda/llm-autonomous-agent-plugin-for-claude | VeilStrat