Skip to main content
تشغيل أي مهارة في Manus
بنقرة واحدة
مستودع GitHub

security-for-vibecoders

يحتوي security-for-vibecoders على 17 من skills المجمعة من afu-it، مع تغطية مهنية على مستوى المستودع وصفحات skill داخل الموقع.

skills مجمعة
17
Stars
3
محدث
2026-05-28
Forks
1
التغطية المهنية
2 فئات مهنية · 100% مصنفة
مستكشف المستودعات

Skills في هذا المستودع

access-control-patterns
مطوّرو البرمجيات

Enterprise-grade access control patterns to prevent broken access control, IDOR, tenant data leaks, privilege escalation, and admin route exposure. Covers RBAC, ABAC, ownership checks, multi-tenant scoping, policy middleware, row-level security, and audit logging for Node.js, Cloudflare Workers, Laravel, and Python. Use when protecting routes, implementing roles, reviewing authorization, or fixing OWASP A01 findings.

2026-05-28
audit-logging-workers
مطوّرو البرمجيات

Add structured audit logging with immutable R2 storage to Cloudflare Workers. Creates a typed audit utility, instruments all API routes, deploys a tail worker for persistent log storage, and configures R2 bucket lock for tamper-resistance. Use when adding logging, audit trails, or PDPA compliance to a Cloudflare Workers project.

2026-05-28
auth-hardening
مطوّرو البرمجيات

Harden authentication systems against session fixation, brute-force attacks, and weak password storage. Covers bcrypt/argon2 hashing, JWT best practices, session management, and account lockout. Use when implementing login, fixing auth vulnerabilities, or reviewing authentication code.

2026-05-28
ci-security-gates
مطوّرو البرمجيات

Add CodeQL SAST, Gitleaks secret scanning, and dependency audit to any CI/CD pipeline. Blocks deployment if vulnerabilities or secrets are detected. Covers GitHub Actions, GitLab CI, and generic pipelines. Use when setting up CI security, adding SAST, preventing secret leaks, or hardening deployment pipelines.

2026-05-28
cors-configuration
مطوّرو البرمجيات

Configure CORS correctly to prevent credential leaks and unauthorized cross-origin access. Covers Express, Next.js, Cloudflare Workers, Laravel, and FastAPI. Use when setting up CORS, fixing preflight errors, or auditing cross-origin policies.

2026-05-28
data-encryption
مطوّرو البرمجيات

Encrypt personal data at rest and in transit to comply with PDPA 2024. Covers field-level encryption for PII, AES-256-GCM patterns, key management, and database column encryption for Node.js, Python, Laravel, and Cloudflare Workers. Use when storing sensitive user data, implementing encryption, or responding to PDPA compliance requirements.

2026-05-28
dependency-lockfile-audit
محللو أمن المعلومات

Detect typosquatting, malicious packages, and lockfile tampering in npm, pip, and composer dependencies. Covers lockfile integrity verification, known-malicious package detection, and supply chain attack prevention. Use when auditing dependencies, investigating suspicious packages, or hardening the supply chain.

2026-05-28
error-handling-security
مطوّرو البرمجيات

Prevent information leakage through error messages. Covers sanitized error responses, structured error handling, no stack traces in production, and safe logging patterns for Express, Next.js, Cloudflare Workers, Laravel, and FastAPI. Use when fixing verbose errors, implementing error handlers, or preventing stack trace leaks.

2026-05-28
input-validation
مطوّرو البرمجيات

Validate and sanitize all user input to prevent XSS, path traversal, command injection, and malformed data. Covers Zod, Joi, class-validator, Laravel validation, and Python Pydantic. Use when building forms, API endpoints, file uploads, or fixing injection vulnerabilities beyond SQL.

2026-05-28
pdpa-security-audit
محللو أمن المعلومات

Full PDPA 2024 + OWASP Top 10 security audit for any codebase. Checks all 8 forensic findings from Malaysian court cases plus enterprise controls for access control, SSRF, secrets, encryption, CORS, auth hardening, and error handling. Produces a compliance scorecard and actionable fix list. Use when asked to audit security, check PDPA compliance, run OWASP assessment, or before go-live.

2026-05-28
rate-limiting
مطوّرو البرمجيات

Add per-user and per-IP rate limiting to API endpoints. Covers Cloudflare Workers (KV-based sliding window), Express.js, Next.js, and generic patterns. Prevents abuse, brute-force attacks, and resource exhaustion. Use when adding rate limits, preventing API abuse, or fixing OWASP A04/A07 findings.

2026-05-28
secrets-management
مطوّرو البرمجيات

Prevent hardcoded secrets in source code. Covers .env setup, .gitignore patterns, secret scanning, runtime secret injection, and rotation strategies for Node.js, Python, Laravel, and Cloudflare Workers. Use when setting up environment variables, fixing exposed secrets, or implementing secret rotation.

2026-05-28
secure-ship
محللو أمن المعلومات

Security for vibe coders. Full PDPA 2024 + OWASP Top 10 compliance for any codebase. Covers enterprise-grade access control, SSRF prevention, SQL injection, input validation, secrets management, auth hardening, security headers, CORS, data encryption, error handling, audit logging, webhook security, CI/CD gates, rate limiting, and dependency auditing. Based on real Malaysian court cases where developers were fined RM1,000,000. Use when asked to secure a project, check PDPA compliance, run OWASP audit, add security to CI, or before go-live.

2026-05-28
security-headers
مطوّرو البرمجيات

Add security headers (CSP, HSTS, X-Frame-Options, Permissions-Policy) to prevent clickjacking, XSS, and data leaks. Provides copy-paste middleware for Express, Next.js, Cloudflare Workers, and Laravel. Use when hardening HTTP responses, fixing security scanner findings, or setting up a new project.

2026-05-28
sql-injection-prevention
محللو أمن المعلومات

Detect and fix SQL injection vulnerabilities in any framework. Covers Laravel (DB::raw, whereRaw), Node.js (template literals in queries), Python (f-strings in SQL), and Cloudflare D1. Enforces parameterized bindings everywhere. Use when writing database queries, reviewing code for injection, or fixing SQL injection findings.

2026-05-28
ssrf-prevention
مطوّرو البرمجيات

Enterprise-grade Server-Side Request Forgery (SSRF) prevention for APIs, webhooks, URL previewers, importers, and fetch-by-URL features. Covers strict allowlists, DNS rebinding defense, private IP blocking, cloud metadata protection, redirect validation, egress controls, and safe fetch wrappers for Node.js, Cloudflare Workers, Python, and Laravel. Use when code fetches user-provided URLs or calls external services.

2026-05-28
webhook-security
مطوّرو البرمجيات

Fix race conditions, add idempotency guards, and implement timing-safe token comparisons for payment webhooks. Covers Xendit, Stripe, Paddle, and generic webhook patterns. Prevents double-crediting, replay attacks, and timing attacks. Use when building payment webhooks, fixing race conditions, or securing callback endpoints.

2026-05-28