secure-coding

verified

Provides guidance on secure coding practices including OWASP Top 10 2025, CWE Top 25, input validation, output encoding, and language-specific security patterns. Use when reviewing code for security vulnerabilities, implementing security controls, or learning secure development practices.

Marketplace: melodic-software (melodic-software/claude-code-plugins)

Plugin: security

Repository: melodic-software/claude-code-plugins (Verified Org, 13 stars)

File: plugins/security/skills/secure-coding/SKILL.md

Last Verified: January 21, 2026

Install Skill

npx add-skill https://github.com/melodic-software/claude-code-plugins/blob/main/plugins/security/skills/secure-coding/SKILL.md -a claude-code --skill secure-coding

Installation path (Claude): .claude/skills/secure-coding/

Instructions

# Secure Coding

Comprehensive guidance for writing secure code, covering OWASP Top 10 2025, CWE Top 25, and language-specific security patterns.

## When to Use This Skill

Use this skill when:

- Reviewing code for security vulnerabilities
- Implementing input validation or output encoding
- Learning about common security weaknesses (OWASP, CWE)
- Fixing identified security issues
- Writing security-sensitive code (authentication, authorization, data handling)
- Conducting security code reviews

## OWASP Top 10 2025 Quick Reference

| Rank | Vulnerability | Key Mitigation |
|------|--------------|----------------|
| A01 | Broken Access Control | Server-side access checks, deny by default, CORS restrictions |
| A02 | Security Misconfiguration | Hardened configs, remove defaults, disable unnecessary features |
| A03 | Software Supply Chain Failures | SCA, SBOM, verify dependencies, integrity checks |
| A04 | Cryptographic Failures | Strong encryption (AES-256), TLS 1.2+, no deprecated algorithms |
| A05 | Injection | Parameterized queries, input validation, context-aware encoding |
| A06 | Insecure Design | Threat modeling, secure design patterns, defense in depth |
| A07 | Authentication Failures | MFA, strong passwords, secure session management |
| A08 | Data Integrity Failures | Digital signatures, integrity verification, secure CI/CD |
| A09 | Logging & Alerting Failures | Centralized logging, anomaly detection, audit trails |
| A10 | Mishandling Exceptions | Fail securely, generic error messages, complete exception handling |

**For detailed mitigations:** See [OWASP Top 10 2025 Reference](references/owasp-top-10-2025.md)

## Core Secure Coding Principles

### 1. Input Validation

**Never trust user input.** Validate all inputs on the server side.

```csharp
using System.Text.RegularExpressions;

// Good: Server-side validation with allowlist
public static partial class InputValidation
{
    // Source-generated regex: only 3-20 ASCII letters, digits or underscores are accepted.
    // The accessor name below is assumed; the page's copy of this block is cut off here.
    [GeneratedRegex(@"^[a-zA-Z0-9_]{3,20}$")]
    private static partial Regex UsernameRegex();

    // Reject null and anything outside the allowlist; callers decide how to report the failure.
    public static bool IsValidUsername(string? input) =>
        input is not null && UsernameRegex().IsMatch(input);
}
```

Validation Details: Front Matter, Required Fields, Valid Name Format, Valid Description, Has Sections, Allowed Tools. Instruction Length: 10298 chars.