security principles

Secrets are injected via Kubernetes ConfigMaps and environment variables — never commit secrets to the repository.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "security principles" with this command: npx skills add exceptionless/exceptionless/exceptionless-exceptionless-security-principles

Security Principles

Secrets Management

Secrets are injected via Kubernetes ConfigMaps and environment variables — never commit secrets to the repository.

  • Configuration files — Use appsettings.yml for non-secret config

  • Environment variables — Secrets injected at runtime via EX_* prefix

  • Kubernetes — ConfigMaps mount configuration, Secrets mount credentials

// AppOptions binds to configuration (including env vars) public class AppOptions { public string? StripeApiKey { get; set; } public AuthOptions Auth { get; set; } = new(); }

Validate All Inputs

  • Check bounds and formats before processing

  • Use ArgumentNullException.ThrowIfNull() and similar guards

  • Validate early, fail fast

Sanitize External Data

  • Never trust data from queues, caches, user input, or external sources

  • Validate against expected schema

  • Sanitize HTML/script content before storage or display

No Sensitive Data in Logs

  • Never log passwords, tokens, API keys, or PII

  • Log identifiers and prefixes, not full values

  • Use structured logging with safe placeholders

Use Secure Defaults

  • Default to encrypted connections (SSL/TLS enabled)

  • Default to restrictive permissions

  • Require explicit opt-out for security features

Avoid Deprecated Cryptographic Algorithms

Use modern cryptographic algorithms:

  • ❌ MD5 , SHA1 — Cryptographically broken

  • ✅ SHA256 , SHA512 — Current standards

Avoid Insecure Serialization

  • ❌ BinaryFormatter — Insecure deserialization vulnerability

  • ✅ System.Text.Json , Newtonsoft.Json — Safe serialization

Input Bounds Checking

  • Enforce minimum/maximum values on pagination parameters

  • Limit batch sizes to prevent resource exhaustion

  • Validate string lengths before storage

OWASP Reference

Review OWASP Top 10 regularly:

  • Broken Access Control

  • Cryptographic Failures

  • Injection

  • Insecure Design

  • Security Misconfiguration

  • Vulnerable and Outdated Components

  • Identification and Authentication Failures

  • Software and Data Integrity Failures

  • Security Logging and Monitoring Failures

  • Server-Side Request Forgery

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

shadcn-svelte components

No summary provided by upstream source.

Repository SourceNeeds Review
120-exceptionless
General

tanstack-form

No summary provided by upstream source.

Repository SourceNeeds Review
12-exceptionless
General

stripe-best-practices

No summary provided by upstream source.

Repository SourceNeeds Review
95-exceptionless
General

.net conventions

No summary provided by upstream source.

Repository SourceNeeds Review
94-exceptionless