owasp-security-audit

Provides comprehensive security standards and checklists based on OWASP Top 10:2025. Includes language-specific secure coding patterns for 20+ languages, guidance on Agentic AI security, and ASVS 5.0 requirements to ensure robust defense-in-depth across the development lifecycle.
anchit-choudhry/gryffin-calorai · ★ 0 · Web & Frontend · score 64
Install: claude install-skill anchit-choudhry/gryffin-calorai
# OWASP Security Best Practices Skill

Apply these security standards when writing or reviewing code.

## Quick Reference: OWASP Top 10:2025

| #   | Vulnerability             | Key Prevention                                         |
|-----|---------------------------|--------------------------------------------------------|
| A01 | Broken Access Control     | Deny by default, enforce server-side, verify ownership |
| A02 | Security Misconfiguration | Harden configs, disable defaults, minimize features    |
| A03 | Supply Chain Failures     | Lock versions, verify integrity, audit dependencies    |
| A04 | Cryptographic Failures    | TLS 1.2+, AES-256-GCM, Argon2/bcrypt for passwords     |
| A05 | Injection                 | Parameterized queries, input validation, safe APIs     |
| A06 | Insecure Design           | Threat model, rate limit, design security controls     |
| A07 | Auth Failures             | MFA, check breached passwords, secure sessions         |
| A08 | Integrity Failures        | Sign packages, SRI for CDN, safe serialization         |
| A09 | Logging Failures          | Log security events, structured format, alerting       |
| A10 | Exception Handling        | Fail-closed, hide internals, log with context          |

## Security Code Review Checklist

When reviewing code, check for these issues:

### Input Handling

- [ ] All user input validated server-side
- [ ] Using parameterized queries (not string concatenation)
- [ ] Input length limits enforced
-