06-data-and-security/security-fundamentals/SKILL.md
[Japanese version](../../ja/06-data-and-security/security-fundamentals/SKILL.md)

# Security Fundamentals

> Security is the foundation of software development. This skill systematically covers the essential security knowledge every engineer needs — from the OWASP Top 10 and cryptography to network security, application security, cloud security, and security operations.

## Target Audience

- Engineers who want to build a systematic understanding of security fundamentals
- Developers aiming to build secure
npx skillsauth add gaku52/claude-code-skills 06-data-and-security/security-fundamentals

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
Security Checklist:
Web Applications:
✓ Input validation (server-side is mandatory)
✓ Parameterized queries (prevent SQL Injection)
✓ CSP header configuration (prevent XSS)
✓ CSRF tokens or SameSite=Lax
✓ HttpOnly + Secure cookies
✓ Enforce HTTPS (HSTS)
Authentication & Authorization:
✓ Password hashing with bcrypt/Argon2
✓ MFA (TOTP or WebAuthn)
✓ JWT signature verification (ES256 recommended)
✓ Principle of least privilege
Infrastructure:
✓ Dependency vulnerability scanning
✓ Container image scanning
✓ Secret management (never commit .env files)
✓ Log retention and audit trails
OWASP Top 10 (2021):
A01: Broken Access Control
A02: Cryptographic Failures
A03: Injection
A04: Insecure Design
A05: Security Misconfiguration
A06: Vulnerable Components
A07: Auth Failures
A08: Software/Data Integrity
A09: Logging Failures
A10: SSRF