security-checklist (listed)

Use this skill when implementing security measures or conducting security audits. Provides OWASP Top 10 mitigations, authentication patterns, input validation strategies, and compliance guidelines. Ensures applications are secure against common vulnerabilities.
aiskillstore/marketplace · ★ 329 · AI & Automation · score 85
Install: claude install-skill aiskillstore/marketplace
# Security Checklist

## Overview

This skill provides comprehensive security guidance for building secure applications. Whether performing a security audit, implementing new features, or hardening existing systems, this framework helps identify and mitigate common vulnerabilities.

**When to use this skill:**
- Conducting security audits or reviews
- Implementing authentication and authorization
- Validating and sanitizing user input
- Handling sensitive data (PII, credentials, payment info)
- Ensuring compliance (GDPR, HIPAA, SOC2)
- Preparing for security assessments or penetration tests
- Reviewing third-party dependencies for vulnerabilities

## Required Tools

This skill requires the following tools to be installed on your system:

### For JavaScript/TypeScript Projects
- **Node.js 18+** with npm
  - **Command:** `npm audit`
  - **Install:** Node.js comes with npm pre-installed

### For Python Projects
- **Python 3.8+** with pip
- **pip-audit:** Security scanner for Python dependencies
  - **Install:** `pip install pip-audit`
  - **Command:** `pip-audit`

### Optional (Advanced Security Scanning)
- **Semgrep:** Static analysis tool
  - **Install (macOS):** `brew install semgrep`
  - **Install (pip):** `pip install semgrep`
  - **Command:** `semgrep --config=auto .`
- **Bandit:** Python security linter
  - **Install:** `pip install bandit`
  - **Command:** `bandit -r .`
- **TruffleHog:** Secrets detection
  - **Install (macOS):** `brew install trufflesecurity/trufflehog/tr