security-engineering

Solid

Security architecture and implementation patterns. Use when designing security controls, implementing authentication/authorization, conducting threat modeling, or ensuring compliance with security frameworks.

AI & Automation 335 stars 29 forks Updated today

Install

View on GitHub

Quality Score: 85/100

Stars 20%
84
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
80
License 10%
0
Description 5%
100

Skill Content

# Security Engineering Comprehensive security engineering skill covering application security, infrastructure security, compliance, and incident response. ## When to Use This Skill - Designing security architecture - Implementing authentication and authorization - Conducting threat modeling - Security code review - Implementing compliance controls (SOC2, HIPAA, PCI-DSS) - Incident response planning - Security monitoring and alerting ## Security Architecture ### Defense in Depth Layer security controls at multiple levels: | Layer | Controls | |-------|----------| | Perimeter | Firewall, WAF, DDoS protection | | Network | Segmentation, IDS/IPS, VPN | | Host | Hardening, EDR, patch management | | Application | Input validation, secure coding, SAST/DAST | | Data | Encryption, access control, DLP | | Identity | MFA, SSO, privileged access management | ### Zero Trust Architecture **Core Principles:** 1. Never trust, always verify 2. Assume breach mentality 3. Least privilege access 4. Micro-segmentation 5. Continuous verification **Implementation:** - Identity-based access (not network-based) - Device health verification - Continuous authentication - Encrypted communications everywhere - Detailed logging and monitoring ## Authentication Patterns ### OAuth 2.0 / OIDC **Grant Types:** | Grant | Use Case | |-------|----------| | Authorization Code + PKCE | Web/mobile apps | | Client Credentials | Service-to-service | | Device Code | CLI tools, IoT | **Token Best Pract...

Details

Author
aiskillstore
Repository
aiskillstore/marketplace
Created
5 months ago
Last Updated
today
Language
Python
License
None

Integrates with

OAuth · Auth

Similar Skills

Semantically similar based on skill content — not just same category

Web & Frontend Listed

architecting-security

Design comprehensive security architectures using defense-in-depth, zero trust principles, threat modeling (STRIDE, PASTA), and control frameworks (NIST CSF, CIS Controls, ISO 27001). Use when designing security for new systems, auditing existing architectures, or establishing security governance programs.

368 Updated 5 months ago
ancoleman
AI & Automation Listed

security-expert

Use when designing, implementing, or reviewing secure software systems with practical threat modeling and defense-in-depth controls. Invoke for authentication, authorization, secrets handling, input validation, secure coding standards, and remediation planning.

0 Updated 1 weeks ago
Ortus-Solutions
AI & Automation Listed

security

Application security best practices and patterns

0 Updated today
murtazatouqeer
AI & Automation Listed

security-plan

Threat modeling, compliance, and secure by design architecture

2 Updated 4 days ago
DongDuong2001
API & Backend Listed

security-auth

Comprehensive security and authentication workflow that orchestrates security architecture, identity management, access control, and compliance implementation. Handles everything from authentication system design and authorization frameworks to security auditing and threat protection.

43 Updated 3 months ago
diegosouzapw