
backend-security-coder

Safe

Secure Backend Code Expert

Build secure backend applications with expert guidance on authentication, API security, input validation, and vulnerability prevention. Provides defensive programming techniques and security-first implementation patterns for modern backend development.

Supports: Claude Codex Code(CC)
🥉 73 Bronze
Install:
1. Download the skill ZIP
2. Upload in Claude: go to Settings → Capabilities → Skills → Upload skill
3. Toggle on and start using

Test it

Using "backend-security-coder". Implement secure password storage for user registration

Expected outcome:

The password storage implementation uses bcrypt with a work factor of 12, includes unique salt generation per password, and implements password strength validation. The system never stores plaintext passwords and uses constant-time comparison to prevent timing attacks.

Using "backend-security-coder". Review this login endpoint for security issues

Expected outcome:

The login endpoint has three security issues: 1) Missing rate limiting allows brute force attacks, 2) Error messages reveal username existence, 3) No account lockout mechanism. Recommended fixes include implementing exponential backoff rate limiting, generic error messages, and temporary account locking after failed attempts.

Using "backend-security-coder". Add CSRF protection to my forms

Expected outcome:

CSRF protection implementation includes: 1) Anti-CSRF token generation using cryptographically secure random bytes, 2) Token validation on all state-changing requests, 3) SameSite=Strict cookie attribute, 4) Origin header validation for API requests, and 5) Double-submit cookie pattern for additional protection.
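The five-point CSRF design described in that outcome, written out as an added example (this is not the skill's own output or code). It assumes a server-side secret and an allow-list of origins, both constructed inline, and goes one step beyond the plain double-submit pattern by binding the token to the session with an HMAC so a cookie planted from a sibling subdomain does not verify:

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlparse

# Constructed for this example (assumptions): load the key from configuration and
# derive ALLOWED_ORIGINS from the deployed hostnames in a real service.
SECRET_KEY = secrets.token_bytes(32)
ALLOWED_ORIGINS = {"https://app.example.com"}
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

def _bind(session_id, nonce):
    # HMAC ties the nonce to the session, so a cookie planted by another origin
    # or a sibling subdomain does not verify for this user.
    return hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()

def issue_csrf_token(session_id):
    """Return (token, Set-Cookie value); the same token is echoed in the form
    field or X-CSRF-Token header (double-submit pattern)."""
    nonce = secrets.token_urlsafe(32)  # cryptographically secure random bytes
    token = f"{nonce}.{_bind(session_id, nonce)}"
    return token, f"csrf_token={token}; Secure; SameSite=Strict; Path=/"

def _origin_allowed(headers):
    origin = headers.get("Origin")
    if origin is None:  # fall back to Referer; reject when both are absent
        referer = headers.get("Referer")
        if not referer:
            return False
        p = urlparse(referer)
        origin = f"{p.scheme}://{p.netloc}"
    return origin in ALLOWED_ORIGINS

def check_csrf(method, headers, cookies, form, session_id):
    """True if the request may proceed. Safe methods are exempt; state-changing
    requests need an allowed Origin, a cookie token equal to the submitted token,
    and a token bound to this session. Every comparison is constant-time."""
    if method.upper() not in STATE_CHANGING:
        return True
    if not _origin_allowed(headers):
        return False
    cookie_tok = cookies.get("csrf_token", "")
    submitted = form.get("csrf_token") or headers.get("X-CSRF-Token", "")
    if not cookie_tok or not submitted:
        return False
    if not hmac.compare_digest(cookie_tok.encode(), submitted.encode()):
        return False
    nonce, _, tag = cookie_tok.partition(".")
    return bool(nonce) and hmac.compare_digest(_bind(session_id, nonce).encode(), tag.encode())
```

Wire `issue_csrf_token` into the page/form render and `check_csrf` into middleware that runs before any handler touching state.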

Security Audit

Verdict: Safe (v1 • 2/25/2026)

Prompt-only skill with no executable code. The skill provides comprehensive guidance on secure backend coding practices including input validation, authentication, API security, and vulnerability prevention. No security risks detected.

Files scanned: 1
Lines analyzed: 159
Findings: 0
Total audits: 1
No security issues found. Audited by: claude

Quality Score

Architecture: 38
Maintainability: 100
Content: 87
Community: 33
Security: 100
Spec Compliance: 100

What You Can Build

Secure API Development

Build secure REST APIs with proper authentication, rate limiting, and input validation to prevent common attack vectors like injection and authentication bypass.

Authentication System Implementation

Implement secure user authentication with JWT, OAuth, multi-factor authentication, and secure session management following OWASP guidelines.

Security Code Review

Review existing backend code for security vulnerabilities including injection risks, authentication flaws, and insecure data handling with actionable remediation steps.

Try These Prompts

Implement Secure Authentication
Implement a secure user authentication system using JWT. Include password hashing with bcrypt, refresh token rotation, and secure session management.
Secure API Endpoint
Review and secure this API endpoint against injection attacks. Add input validation, rate limiting, and proper error handling.
Database Security Implementation
Configure secure database access with parameterized queries, proper access controls, and field-level encryption for sensitive data.
CSRF Protection Setup
Implement comprehensive CSRF protection with anti-CSRF tokens, SameSite cookie attributes, and header validation for state-changing operations.

Best Practices

  • Always use parameterized queries and prepared statements to prevent SQL injection attacks
  • Implement defense-in-depth with multiple security layers including input validation, authentication, and authorization
  • Apply principle of least privilege for database access, API permissions, and file system operations

Avoid

  • Never concatenate user input directly into database queries or command strings
  • Avoid exposing sensitive information in error messages, logs, or API responses
  • Do not implement custom authentication or encryption - use established libraries and protocols

Frequently Asked Questions

What is the difference between this skill and security-auditor?
This skill focuses on hands-on backend security coding - writing secure code, implementing authentication, and fixing vulnerabilities. Security-auditor focuses on high-level security audits, compliance assessments, and threat modeling. Use this skill when writing secure backend code, and security-auditor when assessing overall security posture.
Can this skill replace manual security testing?
No. This skill provides expert guidance on secure coding practices, but cannot replace manual security testing, penetration testing, or automated vulnerability scanners. It should be used alongside comprehensive security testing practices as part of a secure development lifecycle.
What authentication methods does this skill support?
This skill covers JWT security, OAuth 2.0/2.1 implementation, multi-factor authentication with TOTP and hardware tokens, secure password hashing with bcrypt and Argon2, and secure session management. It focuses on industry-standard protocols and battle-tested implementations.
Does this skill perform automated code scanning?
No. This skill provides guidance and recommendations for secure backend coding practices when you ask it to review code or implement security features. It does not automatically scan your codebase or run security analysis tools. You should use dedicated security scanning tools for automated vulnerability detection.
What types of applications benefit most from this skill?
This skill is ideal for web applications, REST APIs, microservices, and any backend system handling user authentication, sensitive data, or external integrations. It's particularly valuable for applications handling user data, processing payments, or requiring regulatory compliance.
Can this skill help with compliance requirements like SOC 2 or GDPR?
Yes. This skill provides secure coding practices that support compliance requirements including encryption at rest and in transit, audit logging, access controls, data minimization, and secure error handling. However, it does not provide legal compliance advice - consult compliance experts for specific regulatory requirements.

Developer Details

File structure

📄 SKILL.md