security

npx machina-cli add skill Fujigo-Software/f5-framework-claude/security --openclaw
Files (1): SKILL.md (3.3 KB)

Security Skills

Overview

Security knowledge essential for building secure applications, protecting user data, and preventing common vulnerabilities.

Security Layers

┌─────────────────────────────────────────────┐
│              Application Security           │
│  ┌─────────────────────────────────────────┐│
│  │         Authentication & AuthZ          ││
│  │  ┌───────────────────────────────────┐  ││
│  │  │        Input Validation           │  ││
│  │  │  ┌─────────────────────────────┐  │  ││
│  │  │  │    Data Protection          │  │  ││
│  │  │  └─────────────────────────────┘  │  ││
│  │  └───────────────────────────────────┘  ││
│  └─────────────────────────────────────────┘│
│              Infrastructure Security        │
└─────────────────────────────────────────────┘

Categories

Authentication

  • JWT tokens and refresh strategies
  • OAuth 2.0 / OpenID Connect
  • Session management
  • Multi-factor authentication
  • Passwordless authentication

Authorization

  • Role-Based Access Control (RBAC)
  • Attribute-Based Access Control (ABAC)
  • Permission systems
  • Access control patterns

OWASP Top 10

  • Injection attacks
  • Broken authentication
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Security misconfiguration
  • Sensitive data exposure

API Security

  • Rate limiting
  • Input validation
  • API key management
  • CORS configuration

Data Protection

  • Encryption at rest/transit
  • Password hashing
  • Secrets management
  • Data masking/anonymization

Infrastructure

  • HTTPS/TLS configuration
  • Security headers
  • Container security
  • Network security

Compliance

  • GDPR requirements
  • PCI-DSS standards
  • Security auditing

Security Mindset

"Security is not a product, but a process." - Bruce Schneier

Always assume:

  • All input is malicious
  • External systems can be compromised
  • Attackers will find vulnerabilities
  • Defense in depth is essential

Quick Reference

Threat          | Primary Defense         | Secondary Defense
----------------|-------------------------|-------------------
SQL Injection   | Parameterized queries   | Input validation
XSS             | Output encoding         | CSP headers
CSRF            | CSRF tokens             | SameSite cookies
Auth bypass     | Strong authentication   | Session management
Data breach     | Encryption              | Access control

Source

git clone https://github.com/Fujigo-Software/f5-framework-claude/blob/main/plugins/f5-core/skills/security/SKILL.md

Overview

Security Skills cover essential practices for building secure apps, protecting user data, and preventing common vulnerabilities. It maps core areas like authentication, authorization, data protection, API security, and infrastructure hardening to actionable patterns.

How This Skill Works

It combines layered defense with practical controls. The skill references JWT/OAuth2 for authentication, RBAC/ABAC for authorization, encryption and secrets management for data protection, and HTTPS, security headers, and container/network security for infrastructure.

When to Use It

  • Designing a new web API or app that requires robust authentication and authorization
  • Securing sensitive user data with encryption, hashing, and access controls
  • Hardening deployments with TLS, security headers, and container/network security
  • Preparing security for compliance audits (GDPR, PCI-DSS) and ongoing security testing
  • Implementing security improvements after OWASP Top 10 findings or penetration tests

Quick Start

  1. Align requirements with the OWASP Top 10 and with GDPR/PCI-DSS as applicable; map authentication, data protection, and infrastructure needs
  2. Implement the core controls: parameterized queries and input validation, TLS, JWT/OAuth2, RBAC/ABAC, encryption, and secrets management
  3. Add automated checks and reviews: security tests, code reviews, and monitoring for breaches

Best Practices

  • Assume input is malicious and validate/sanitize everywhere
  • Apply defense in depth with layered controls from authentication to infrastructure
  • Use parameterized queries and strict input validation to prevent injections
  • Enforce TLS, strong session management, MFA, and secure cookie attributes
  • Manage secrets securely and perform regular security audits and testing

Example Use Cases

  • JWT-based authentication with refresh tokens and MFA
  • RBAC/ABAC coupled with scoped permissions for API endpoints
  • Input validation, output encoding, and CSP headers to mitigate XSS
  • Encryption at rest and in transit plus secure password hashing and key management
  • HTTPS/TLS configuration, security headers, and container/network hardening
