Search Results: secure-coding

Found 79 Skills

Security & Compliancejabrena/cursor-rules-java

124-java-secure-coding

Use when you need to apply Java secure coding best practices — including validating untrusted inputs, defending against injection attacks with parameterized queries, minimizing attack surface via least privilege, applying strong cryptographic algorithms, handling exceptions securely without exposing sensitive data, managing secrets at runtime, avoiding unsafe deserialization, and encoding output to prevent XSS. Part of the skills-for-java project

🇺🇸|EnglishTranslated

Security & Compliancenickcrew/claude-ctx-plugi...

secure-coding-practices

Secure coding practices and defensive programming patterns for building security-first applications. Use when implementing authentication, handling user input, managing sensitive data, or conducting secure code reviews.

🇺🇸|EnglishTranslated

Security & Compliancevchirrav/owasp-secure-cod...

secure-coding-audit

Audit code for security vulnerabilities using OWASP Secure Coding rules. Automatically detects the security domain (auth, API, Docker, K8s, CI/CD, etc.) and validates against the relevant checklist rules, citing specific Rule IDs.

🇺🇸|EnglishTranslated

Security & Compliancevchirrav/owasp-secure-cod...

secure-coding-generate

Generate secure code following OWASP Secure Coding rules. Automatically detects the security domain and produces code with inline Rule ID citations (e.g., [INPUT-04], [AUTH-07]) plus a rules-applied summary.

🇺🇸|EnglishTranslated

Security & Compliancevchirrav/owasp-secure-cod...

iac-scan-tfsec

Run tfsec (now part of Trivy) to scan Terraform code for security misconfigurations. Deep HCL analysis with support for Terraform modules, variables, and expressions.

🇺🇸|EnglishTranslated

Security & Compliancevchirrav/owasp-secure-cod...

malware-scan-yara

Run YARA rules for pattern-based malware identification. Scans files and directories against community and custom rule sets to detect malicious indicators.

🇺🇸|EnglishTranslated

Security & Compliancevchirrav/owasp-secure-cod...

container-scan-dockle

Run Dockle to audit container images against CIS Docker Benchmark and best practices. Checks for running as root, sensitive files, HEALTHCHECK, and more.

🇺🇸|EnglishTranslated

Security & Compliancevchirrav/owasp-secure-cod...

sast-spotbugs

Run SpotBugs with Find Security Bugs plugin on Java code. Detects injection flaws, XXE, insecure crypto, SSRF, deserialization, and other JVM security bugs.

🇺🇸|EnglishTranslated

Security & Compliancevchirrav/owasp-secure-cod...

sast-semgrep

Run Semgrep SAST scans on code. Supports 30+ languages with OWASP, security, and custom rulesets. Parses results and provides remediation guidance.

🇺🇸|EnglishTranslated

Security & Compliancevchirrav/owasp-secure-cod...

mobile-security-mobsf

Run MobSF (Mobile Security Framework) for automated static and dynamic analysis of Android and iOS apps. Detects insecure storage, weak crypto, hardcoded secrets, and permission issues.

🇺🇸|EnglishTranslated

DevOps & Cloud Servicesvchirrav/owasp-secure-cod...

container-scan-hadolint

Run Hadolint to lint Dockerfiles for best practices and security issues. Validates against Docker and ShellCheck rules.

🇺🇸|EnglishTranslated

Security & Compliancevchirrav/owasp-secure-cod...

sast-psalm

Run Psalm with taint analysis on PHP code. Detects SQL injection, XSS, command injection, path traversal, and other taint-flow vulnerabilities in PHP applications.

🇺🇸|EnglishTranslated