Security

Encryption, auth, and vulnerability scanning.

2506 skills
security
0

mcp-integration

Configure and manage MCP (Model Context Protocol) servers for AI agent tooling. Use when adding MCP servers, configuring authentication (OAuth 2.1 or API keys), managing opencode.json, implementing token flows, or troubleshooting MCP connections. Covers registry patterns, PKCE authentication, and the Result-based service architecture.

co-labs-co
testing-security
security
0

password-reset-flow

Implement secure password reset with Rails 8's built-in token generation. Use when building "forgot password" functionality with email verification and time-limited reset tokens.

rbarazi
testing-security
security
0

web-fuzzing

Web application security testing using fuzzing techniques to discover vulnerabilities, injection points, and edge cases

ljchg12-hue
testing-security
security
0

security

Write secure web pages and applications. Use when handling user input, forms, external resources, authentication, or implementing security headers and CSP.

ProfPowell
testing-security
security
0

mechanics-check

Audit SENTINEL game data integrity. Validates regions, jobs, vehicles, and favors against schema enums.

KvFxKaido
testing-security
security
0

digital-signature

Security pattern for implementing digital signatures. Use when implementing document signing, code signing, certificate signing, non-repudiation, or verifying authenticity and integrity of messages using asymmetric cryptography (RSA, ECDSA, Ed25519).

igbuend
testing-security
security
0

zitadel-identity

Zitadel identity provider setup, configuration, and OIDC integration. Use when: (1) Setting up Zitadel as OIDC/OAuth2 identity provider (2) Configuring Zitadel with Caddy reverse proxy (3) Creating OAuth2/OIDC applications for services (4) Managing users, organizations, and service accounts (5) Integrating applications with Zitadel SSO (Nextcloud, Windmill, etc.) (6) Troubleshooting authentication, token, or connectivity issues (7) Using Zitadel APIs for automation

dimdasci
testing-security
security
0

security-checklist

Prevents RCE, SQL injection, and common vulnerabilities through validation and safe coding practices. Use when implementing or reviewing security-sensitive code involving user input, database queries, or command execution.

binee108
testing-security
security
0

adb-bypass

PlayIntegrityFork bypass verification and validation for Play Integrity spoofing detection

rdmptv
testing-security
security
0

global-validation

Implement comprehensive input validation on server-side with complementary client-side validation for user experience, using allowlists, type checking, and sanitization to prevent injection attacks. Use this skill when validating user inputs, form data, API requests, file uploads, query parameters, or any external data entering the application. Apply this skill when implementing server-side validation as the primary security layer, adding client-side validation for immediate user feedback, validating data types and formats, checking ranges and required fields, sanitizing inputs to prevent SQL injection and XSS attacks, using allowlists over blocklists, providing field-specific error messages, or enforcing business rules at appropriate application layers. This skill ensures validation happens at all entry points consistently, security is never dependent on client-side checks alone, users receive helpful immediate feedback, and data integrity is maintained through multiple layers of validation.

overtimepog
testing-security
security
0

validate-secrets

Validate SOPS encryption on secret files before committing. Use when staging secrets, committing encrypted files, or checking if secrets are properly encrypted. Prevents committing unencrypted secrets.

piotrb
testing-security
security
0

authentication-setup

Implement JWT authentication with bcrypt password hashing, refresh tokens, account lockout, and password reset flow. Use when setting up authentication or login system.

PrasadTelasula
testing-security
security
0

multi-tenancy-patterns

Use this skill when implementing or modifying multi-tenant data isolation and security.

michaellperry
testing-security
security
0

vulnerability-analysis

Identify vulnerability class, analyze root cause, and plan exploitation strategy.

amattas
testing-security
security
0

security

Application security patterns - authentication, secrets management, input validation, OWASP Top 10. Use when: auth, JWT, secrets, API keys, SQL injection, XSS, CSRF, RLS, security audit, pen testing basics.

ScientiaCapital
testing-security
security
0

oauth21-bearer-token

OAuth 2.1 Bearer Token usage guide. Use when implementing access token transmission, Authorization header support, resource server validation, and security requirements. Covers query parameter prohibition and token protection. Based on OAuth 2.1 Section 5 requirements.

maronnjapan
testing-security
security
0

fullstory-identify-users

Comprehensive guide for implementing Fullstory's User Identification API (setIdentity) across web applications. Teaches proper uid handling, property passing, re-identification behavior, and session management. Includes detailed good/bad examples for login flows, multi-account scenarios, and SPA applications to help developers correctly identify users for analytics and session replay.

rcmaples
testing-security
security
0

rbac-validator

Validates role-based access control (RBAC) implementation for four-tier permissions in the NABIP AMS (Member, Chapter Admin, State Admin, National Admin). Use when implementing permission checks, RLS policies, UI access controls, or audit logging for multi-tenant association management.

markus41
testing-security
security
0

review-trufflehog

Review and triage Trufflehog secret detection scan results to identify real credential exposures. Use when analyzing trufflehog output, triaging secret findings, reviewing credential leaks, or when the user has trufflehog results to review. Can also run scans for an organization. Filters out test/demo secrets and prioritizes verified findings with source code context analysis.

chrismcmacken
testing-security
security
0

idor-vulnerability-testing

This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or object references," or "bypass authorization to access other users' data." It provides comprehensive guidance for detecting, exploiting, and remediating IDOR vulnerabilities in web applications.

MAF2414
testing-security
security
0

security

Security Engineer and application security expert. Performs threat modeling, security architecture review, penetration testing, vulnerability assessment, and security compliance. Handles OWASP Top 10, authentication security, authorization, encryption, secrets management, HTTPS/TLS, CORS, CSRF, XSS, SQL injection prevention, secure coding practices, security audits, and compliance (GDPR, HIPAA, PCI-DSS, SOC 2). Activates for security, security review, threat model, vulnerability, penetration testing, pen test, OWASP, authentication security, authorization, encryption, secrets, HTTPS, TLS, SSL, CORS, CSRF, XSS, SQL injection, secure coding, security audit, compliance, GDPR, HIPAA, PCI-DSS, SOC 2, security architecture, secrets management, rate limiting, brute force protection, session security, token security, JWT security, is this secure, security check, review security, find vulnerabilities, security scan, security test, hack proof, prevent hacking, protect from attacks, DDoS protection, bot protection, WAF,

angeldev96
testing-security
security
0

generate-policy

Generates a Laravel Policy class for authorization logic. Use when adding permission checks for a model or resource (e.g., "Create a policy for the Course model").

hieupvXmasEve
testing-security
security
0

supabase-auth

Implements Supabase Authentication with email, OAuth, magic links, and phone auth. Use when building apps with Supabase, needing auth integrated with Row Level Security, or implementing passwordless login.

mgd34msu
testing-security
security
0

security-hardening

Review code for application-level security hardening issues beyond framework checklists. Focuses on abuse prevention, API protection, business logic exploitation, rate limiting, input validation, and early request rejection. Use when auditing code for security, reviewing endpoints for abuse potential, or checking application resilience to real-world attacks.

colinmollenhour
testing-security