backend-security-coder
Expert in secure backend coding practices specializing in input validation, authentication, and API security. Use PROACTIVELY for backend security implementations or security code reviews.
Category: Development Tools
Download and extract to your skills directory
Copy command and send to OpenClaw for auto-install:
Download and install this skill https://openskills.cc/api/download?slug=sickn33-skills-backend-security-coder&locale=en&source=copy
Backend Security Coder - Backend Security Coding Expert
Skill Overview
Backend Security Coder is a professional backend secure coding assistant focused on secure programming practices such as input validation, authentication, API security, and database protection.
Core Features
- Implement whitelist validation frameworks and enforce strict data typing
- Defend against SQL injection, NoSQL injection, LDAP injection, command injection, and other attack vectors
- Provide parameterized query and ORM secure configuration solutions
- Implement multi-factor authentication (TOTP, hardware tokens, backup codes)
- Configure secure handling of JWTs, OAuth 2.0/2.1 flows, and PKCE
- Implement secure session tokens, timeout management, and concurrent session control
- Configure rate limiting, burst protection, and IP restrictions
- Implement CSRF protection tokens and Origin/Referer header validation
- Set secure HTTP headers (CSP, HSTS, X-Frame-Options) and secure cookie configurations
- Implement field-level encryption and transparent data encryption
- Configure separation of database user privileges and role-based access control
- Establish audit logs and compliance logging
- Maintain an allowlist of permitted outbound targets and validate URLs before the server fetches them
- Mitigate server-side request forgery (SSRF) and isolate internal networks
- Configure request timeouts and response size limits
Frequently Asked Questions
What scenarios is Backend Security Coder suitable for?
It is suitable for scenarios that require writing secure backend code, including implementing API security, protecting database queries, developing user authentication systems, configuring CSRF protection, and handling sensitive data. If you need high-level security audits, compliance assessments, or threat modeling, it is recommended to use the security-auditor skill.
What is the difference between backend secure coding and code auditing?
Backend Security Coder focuses on writing secure backend code, such as implementing API validation, configuring authentication, and setting secure headers. The security-auditor skill instead audits and assesses the existing security posture: compliance checks, architecture reviews, and penetration test planning. In short, the former implements security measures and the latter evaluates the current security state.
How to prevent SQL injection attacks?
Use parameterized queries or prepared statements so that user input reaches the database as a bound value and is never spliced into the SQL text. With ORM frameworks, stay on the parameter-binding APIs and treat raw-query escape hatches as string concatenation. Bound parameters cannot stand in for identifiers (table and column names, ORDER BY direction, LIMIT clauses), so those must be checked against a fixed whitelist before they are placed in the query. Whitelist-validate all user input as well, restricting type, length, and format, which narrows the attack surface at the source; this complements parameterization rather than replacing it.
How to implement JWT authentication securely?
Sign with a strong algorithm (such as RS256), keep the private key in a secret store or HSM, give access tokens short lifetimes, and issue refresh tokens for renewal. On every request, pin the expected algorithm server-side instead of trusting the token's alg header (reject "none" and any algorithm other than the one you issue), verify the signature over the exact bytes received, and only then check the exp, nbf, iss, and aud claims, rejecting anything that fails. Do not put sensitive information in the payload, since it is only base64-encoded and readable by anyone holding the token, and transmit tokens only over TLS.
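As an added example (not the skill's own code), the verifier below applies those checks in the order a practitioner wants them: algorithm pinned server-side, signature checked in constant time, and only then the claims. It uses HS256 with Python's standard library so it runs offline; the page recommends RS256, and with a real library such as PyJWT the same discipline is expressed by passing an explicit `algorithms=["RS256"]` list plus `issuer` and `audience`. The key, issuer, audience, and claims are constructed for the demo, and `forge_alg_none` builds the token an attacker sends when hoping the server honours the header's alg.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Any, Dict, Optional


class InvalidToken(Exception):
    """Raised for any verification failure; callers treat all reasons alike."""


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: Dict[str, Any]) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def mint_hs256(claims: Dict[str, Any], key: bytes) -> str:
    # Issuer side (constructed for the demo): header.payload signed with HMAC-SHA256.
    signing_input = _segment({"alg": "HS256", "typ": "JWT"}) + "." + _segment(claims)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def forge_alg_none(claims: Dict[str, Any]) -> str:
    # Attacker-constructed token: alg "none" and an empty signature segment.
    return _segment({"alg": "none", "typ": "JWT"}) + "." + _segment(claims) + "."


def verify_hs256(token: str, key: bytes, expected_iss: str, expected_aud: str,
                 now: Optional[float] = None, leeway: int = 30) -> Dict[str, Any]:
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:  # binascii.Error, JSONDecodeError and UnicodeDecodeError all subclass it
        raise InvalidToken("undecodable token")
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise InvalidToken("malformed token")
    # 1. Pin the algorithm. The header's alg is attacker-controlled and must never
    #    choose the verifier ("none", or a downgrade to a different scheme).
    if header.get("alg") != "HS256":
        raise InvalidToken("unexpected alg")
    # 2. Check the signature over the exact bytes received, in constant time.
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise InvalidToken("bad signature")
    # 3. Only now are the claims trustworthy: exp, nbf, iss, aud.
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        raise InvalidToken("expired or missing exp")
    nbf = claims.get("nbf")
    if nbf is not None and now + leeway < nbf:
        raise InvalidToken("not yet valid")
    if claims.get("iss") != expected_iss:
        raise InvalidToken("wrong issuer")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if expected_aud not in audiences:
        raise InvalidToken("wrong audience")
    return claims


def rejection_reason(token: str, key: bytes, iss: str, aud: str, now: float) -> Optional[str]:
    # Helper for tests and logging: None if the token verifies, else the reason.
    try:
        verify_hs256(token, key, iss, aud, now=now)
        return None
    except InvalidToken as exc:
        return str(exc)
```

The reason strings are for server-side logs only; the HTTP response to the client should be a uniform 401 so that an attacker cannot learn which check failed.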
How to configure rate limiting for API endpoints?
Set per-user and per-IP thresholds from measured traffic and allow a bounded burst (a token bucket, for example) so that legitimate spikes are absorbed while sustained abuse is cut off. Rate limiting can be enforced at the application layer, the API gateway, or the reverse proxy, and often at more than one; return 429 with a Retry-After header, and log every rate-limited request so monitoring can alert on abuse patterns. Unauthenticated public endpoints, and in particular brute-forceable ones such as login and password reset, should get stricter limits than authenticated APIs.
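An added example (not the skill's own code) of the policy described above: a per-key token bucket whose capacity is the burst allowance and whose refill rate is the sustained limit, one tier keyed by IP for anonymous requests and a more generous tier keyed by user id for authenticated ones, with every rejection logged and a Retry-After value computed for the 429. The tier numbers, the `FakeClock`, and the addresses are constructed for the demo.

```python
import math
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class _Bucket:
    tokens: float
    last: float


@dataclass
class RateLimiter:
    """Token bucket per key. capacity = burst allowance, refill_per_sec = sustained rate."""
    capacity: float
    refill_per_sec: float
    clock: Callable[[], float] = time.monotonic
    buckets: Dict[str, _Bucket] = field(default_factory=dict)
    denied_log: List[Tuple[float, str, float]] = field(default_factory=list)

    def allow(self, key: str) -> Tuple[bool, float]:
        """Return (allowed, retry_after_seconds); retry_after is 0 when allowed."""
        now = self.clock()
        bucket = self.buckets.get(key)
        if bucket is None:
            bucket = self.buckets[key] = _Bucket(tokens=self.capacity, last=now)
        # Refill in proportion to elapsed time, never beyond the burst capacity.
        bucket.tokens = min(self.capacity, bucket.tokens + (now - bucket.last) * self.refill_per_sec)
        bucket.last = now
        if bucket.tokens >= 1.0:
            bucket.tokens -= 1.0
            return True, 0.0
        retry_after = (1.0 - bucket.tokens) / self.refill_per_sec
        # Log every rejection so monitoring can alert on abuse patterns.
        self.denied_log.append((now, key, retry_after))
        return False, retry_after


class FakeClock:
    """Deterministic clock for the demo and tests (constructed, not production code)."""

    def __init__(self, start: float = 0.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def make_limiters(clock: Callable[[], float] = time.monotonic) -> Dict[str, RateLimiter]:
    # Tiered policy; the numbers are illustrative, tune them from measured traffic.
    return {
        "public": RateLimiter(capacity=5, refill_per_sec=1.0, clock=clock),
        "authenticated": RateLimiter(capacity=60, refill_per_sec=10.0, clock=clock),
    }


def check_request(limiters: Dict[str, RateLimiter], ip: str,
                  user_id: Optional[str] = None) -> Tuple[int, Dict[str, str]]:
    """Return the (status, headers) a handler should apply before doing any work."""
    if user_id is None:
        allowed, retry_after = limiters["public"].allow(f"ip:{ip}")
    else:
        allowed, retry_after = limiters["authenticated"].allow(f"user:{user_id}")
    if allowed:
        return 200, {}
    return 429, {"Retry-After": str(max(1, math.ceil(retry_after)))}


if __name__ == "__main__":
    clock = FakeClock(1000.0)
    limiters = make_limiters(clock)
    for _ in range(7):
        print(check_request(limiters, "203.0.113.7"))
```

Keying the public tier by IP is the usual starting point but is weak behind shared NATs and strong against nothing that rotates addresses, which is why the authenticated tier is keyed by identity and why the log exists: the denied entries are what you correlate across keys when looking for distributed abuse.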