keycloak-auth
Configure cookie-based OIDC authentication with Keycloak for affolterNET.Web.Bff. Use when setting up login/logout, token refresh, or Keycloak integration.
Comprehensive guide to implementing Role-Based Access Control for enterprise applications with hierarchical roles, custom permissions, and multi-level access
Keep development token use low by refreshing and relying on local context packs.
Implement authentication with Supabase, OAuth providers, and session management. Use when adding login, OAuth flows, or protecting routes.
Modern authentication patterns with MFA, FIDO2, WebAuthn & Passkeys
Application security best practices and vulnerability prevention. Use when reviewing code for security issues, implementing authentication, or discussing OWASP vulnerabilities. Triggers on mentions of security, authentication, authorization, XSS, SQL injection, CSRF, OWASP, encryption, secrets.
Security validation for password generator applications. Use when reviewing or implementing security measures for password handling.
Configure and manage MCP (Model Context Protocol) servers for AI agent tooling. Use when adding MCP servers, configuring authentication (OAuth 2.1 or API keys), managing opencode.json, implementing token flows, or troubleshooting MCP connections. Covers registry patterns, PKCE authentication, and the Result-based service architecture.
Implement secure password reset with Rails 8's built-in token generation. Use when building "forgot password" functionality with email verification and time-limited reset tokens.
Web application security testing using fuzzing techniques to discover vulnerabilities, injection points, and edge cases
Audit SENTINEL game data integrity. Validates regions, jobs, vehicles, and favors against schema enums.
Security pattern for implementing digital signatures. Use when implementing document signing, code signing, certificate signing, non-repudiation, or verifying authenticity and integrity of messages using asymmetric cryptography (RSA, ECDSA, Ed25519).
Zitadel identity provider setup, configuration, and OIDC integration. Use when: (1) Setting up Zitadel as OIDC/OAuth2 identity provider (2) Configuring Zitadel with Caddy reverse proxy (3) Creating OAuth2/OIDC applications for services (4) Managing users, organizations, and service accounts (5) Integrating applications with Zitadel SSO (Nextcloud, Windmill, etc.) (6) Troubleshooting authentication, token, or connectivity issues (7) Using Zitadel APIs for automation
Prevents RCE, SQL injection, and common vulnerabilities through validation and safe coding practices. Use when implementing or reviewing security-sensitive code involving user input, database queries, or command execution.
PlayIntegrityFork bypass verification and validation for Play Integrity spoofing detection
Implement comprehensive input validation on server-side with complementary client-side validation for user experience, using allowlists, type checking, and sanitization to prevent injection attacks. Use this skill when validating user inputs, form data, API requests, file uploads, query parameters, or any external data entering the application. Apply this skill when implementing server-side validation as the primary security layer, adding client-side validation for immediate user feedback, validating data types and formats, checking ranges and required fields, sanitizing inputs to prevent SQL injection and XSS attacks, using allowlists over blocklists, providing field-specific error messages, or enforcing business rules at appropriate application layers. This skill ensures validation happens at all entry points consistently, security is never dependent on client-side checks alone, users receive helpful immediate feedback, and data integrity is maintained through multiple layers of validation.
Validate SOPS encryption on secret files before committing. Use when staging secrets, committing encrypted files, or checking if secrets are properly encrypted. Prevents committing unencrypted secrets.
Implement JWT authentication with bcrypt password hashing, refresh tokens, account lockout, and password reset flow. Use when setting up authentication or login system.
Use this skill when implementing or modifying multi-tenant data isolation and security.
Identify vulnerability class, analyze root cause, and plan exploitation strategy.
OAuth 2.1 Bearer Token usage guide. Use when implementing access token transmission, Authorization header support, resource server validation, and security requirements. Covers query parameter prohibition and token protection. Based on OAuth 2.1 Section 5 requirements.
Comprehensive guide for implementing Fullstory's User Identification API (setIdentity) across web applications. Teaches proper uid handling, property passing, re-identification behavior, and session management. Includes detailed good/bad examples for login flows, multi-account scenarios, and SPA applications to help developers correctly identify users for analytics and session replay.