Rodin
b988751861
refactor: collapse 23 pattern files into focused checklist
Models already know what SQL injection and XSS are. They don't need
tutorials - they need a checklist to ensure nothing is missed.
Before: 23 individual pattern files (~100KB total)
After: 1 focused checklist (~4KB)
Same coverage, better signal-to-noise ratio for review context.
2026-05-11 00:18:36 -07:00
Rodin
1eac5d3bcc
Add CSP, file upload, open redirect, clickjacking patterns
Complete security patterns collection (23 total):
- csp.md: nonces, hashes, strict-dynamic, reporting
- file-upload.md: content validation, path traversal, malware scanning
- open-redirect.md: URL validation, OAuth redirect URI, bypass techniques
- clickjacking.md: X-Frame-Options, frame-ancestors CSP
Comprehensive coverage for web application security review.
2026-05-10 23:24:52 -07:00
Rodin
17c535bc61
Add session management, CORS, XXE patterns
Complete the security patterns collection:
- session-management.md: fixation, hijacking, secure cookies, concurrent sessions
- cors.md: origin validation, reflected origin attacks, preflight caching
- xxe.md: external entities, DTD attacks, language-specific fixes
Now 19 patterns covering comprehensive web application security.
2026-05-10 23:20:36 -07:00
Rodin
5b9f30e663
Add SSRF, race conditions, JWT security patterns
High-priority patterns from completeness review:
- ssrf.md: metadata endpoints, DNS rebinding, webhook validation
- race-conditions.md: TOCTOU, atomic operations, file/db races
- jwt-security.md: algorithm confusion, kid injection, refresh tokens
Now 16 patterns covering comprehensive web application security.
2026-05-10 23:17:54 -07:00
Rodin
8a94a08511
Add supply-chain, deserialization, cryptography, error-handling patterns
Now covers all OWASP Top 10:2025 categories:
- A03: supply-chain.md (SolarWinds, Bybit, npm worm examples)
- A04: cryptography.md (algorithm recommendations, key management)
- A08: deserialization.md (pickle, yaml, language-specific risks)
- A10: error-handling.md (fail closed, error messages)
2026-05-10 22:48:39 -07:00
Rodin
647928a0a1
Initial commit: 9 security patterns for code review
Fundamentals: secure-defaults, input-validation, credential-handling, audit-logging
Identity: authentication, authorization
Attack Prevention: injection-prevention, dos-prevention, prompt-injection
2026-05-10 22:45:03 -07:00