Skill UI

A comprehensive guide for developers on building secure and robust APIs across REST, GraphQL, and WebSocket protocols. It covers essential security patterns including robust authentication (JWT, OAuth 2.0), granular authorization (RBAC), input validation to prevent injection attacks (SQLi, XSS), rate limiting, and best practices for data encryption and secure headers. Essential for developers preparing for security audits.

A specialized workflow guide for comprehensive security testing of REST and GraphQL APIs. It systematically covers critical security aspects such as authentication validation (OAuth2, JWT), authorization checks (IDOR, privilege escalation), input validation (SQL/NoSQL injection), rate limiting enforcement, and secure error handling. Ideal for vulnerability assessment, bug bounty programs, and pre-deployment security audits.

This meta-skill is designed to guide and execute structured developmental workflows, enabling continuous skill improvement and knowledge transfer. It is applicable when a task requires following a defined developmental process. Users must ensure all necessary inputs, permissions, and success criteria are provided, and must treat the output as a guide, supplementing professional validation.

An expert developer specializing in secure backend coding practices, vulnerability mitigation, and robust API design. Proficient in preventing common attacks such as SQL injection, XSS, and CSRF. Covers comprehensive areas including input validation, authentication mechanisms (OAuth 2.0, MFA), database security, and implementing necessary security headers (CSP, HSTS) for building secure-by-design applications. Ideal for implementing security fixes or building new, hardened backend services.

This guide provides comprehensive techniques for writing highly robust, production-grade Bash scripts. It covers advanced error handling, input validation, and safety best practices essential for building reliable CI/CD pipelines, system administration utilities, and mission-critical automation scripts that must handle edge cases gracefully.

Master essential practices for writing robust, secure, and portable Bash scripts suitable for production environments, CI/CD pipelines, and critical system automation. This guide covers strict error handling, safe argument parsing, input validation, process orchestration, and cross-platform compatibility, ensuring scripts are resilient to unexpected inputs and failures.

Provides comprehensive tools for managing enriched lead data in compliance with global privacy regulations like GDPR and CCPA. This skill guides practitioners through data classification (identifying PII sensitivity), input validation, deduplication, implementing data retention metadata, and anonymizing sensitive fields for secure reporting and analytics.

Automates code injection detection guidance as part of Security Fundamentals, offering step-by-step advice, best-practice patterns, and production-ready snippets for authentication, input validation, and secure coding scenarios.

This guide provides comprehensive best practices for securing Evernote API integrations. It covers essential topics like secure credential management using environment variables or vaults, implementing CSRF-protected OAuth flows, encrypting access tokens at rest using AES-256-GCM, rigorous input validation, and ensuring secure logging practices by redacting sensitive data. Use this when hardening your application against data breaches.

This skill guides the development of robust, security-focused full-stack web applications. It ensures layered security coverage across the entire application stack, from database queries (parameterized queries) to API endpoints (authentication/authorization) and frontend components (input validation, output encoding). Use this when building end-to-end features, microservices, or REST APIs that require simultaneous attention to Frontend, Backend, and Security best practices.

This guide outlines critical security measures for integrating with Guidewire systems, which handle sensitive policyholder PII, claims, and financial data. It covers best practices for implementing OAuth2 JWT authentication, API role scoping, input validation, and sensitive data redaction (PII) to prevent data breaches and meet compliance standards.

Automates input validation checker guidance within the Security Fundamentals category, offering best practices, secure coding patterns, production-ready snippets, and output validation for common standards.