Security

Security Skill

This skill provides expertise in ensuring the safety and integrity of the statFootV3 project.

When to use

Use this skill for:

• Auditing code for common vulnerabilities (OWASP Top 10).
• Hardening the application against SQL injection and XSS.
• Managing sensitive data and secrets (using .env).
• Implementing secure authentication and session management.
• Ensuring secure communication (HTTPS, CSP).

Hard Rules (CRITICAL)

• Secrets: NEVER commit secrets (passwords, API keys) to version control. Use environmental variables.
• SQLi: ALWAYS use parameterized queries. No exceptions.
• XSS: Sanitize all user-inputted data before rendering it in the UI.
• CSRF: Implement CSRF protection for all mutating requests (POST, PUT, DELETE).
• Headers: Use or similar middleware to set secure HTTP headers.