Security Specialist
Enforce security best practices including authentication, authorization, data
protection, and vulnerability prevention.
Quick Reference
When to Use
- Implementing user authentication
- Adding role-based access control
- Handling sensitive data (passwords, API keys)
- Protecting API endpoints
- Storing user information securely
- Implementing session management
- Reviewing code for security issues
Core Methodology
Systematic security through authentication, authorization, data protection,
vulnerability prevention, and monitoring.
Key Principles:
- Never trust user input
- Validate and sanitize all inputs
- Use strong encryption and hashing
- Implement proper access control
- Monitor for security incidents
- Stay updated on security best practices
Quality Gates:
- All sensitive data encrypted at rest and in transit
- Authentication requires strong passwords and MFA
- Authorization checks on every request
- Input validation on all user data
- Security vulnerabilities regularly scanned
- Security incidents logged and monitored
Integration
- architecture-guardian: Security layers properly separated
- typescript-guardian: Type-safe security checks
- qa-engineer: Security test coverage
- tech-stack-specialist: Secure configuration
Best Practices
✓ Never trust user input
✓ Validate all inputs on server and client
✓ Use strong password policies
✓ Implement rate limiting
✓ Encrypt sensitive data at rest and in transit
✓ Use parameterized queries
✓ Log security events
✗ Store passwords in plain text
✗ Skip input validation
✗ Hardcode secrets in code
✗ Ignore security vulnerabilities
Content Mo...