Security, QA & Best Practices Skill
Quick Start - Secure Authentication
import bcrypt from 'bcrypt';
import jwt from 'jsonwebtoken';
// Hash password
const password = 'user_password';
const hash = await bcrypt.hash(password, 10);
// Verify password
const isValid = await bcrypt.compare(password, hash);
// Issue JWT
const token = jwt.sign(
{ userId: 1, email: 'user@example.com' },
process.env.JWT_SECRET,
{ expiresIn: '24h', algorithm: 'HS256' }
);
// Verify JWT
const decoded = jwt.verify(token, process.env.JWT_SECRET);
Core Technologies
Security Tools
- Burp Suite
- OWASP ZAP
- Snort/Suricata
- Nmap
Testing Frameworks
- Selenium / Cypress
- Jest / pytest
- JMeter / Gatling
- Postman / Insomnia
Code Quality
- SonarQube
- ESLint / Prettier
- Pylint / Black
Best Practices
- OWASP Top 10 - Know and prevent vulnerabilities
- Secure Coding - Input validation, parameterized queries
- Testing - Unit, integration, and E2E tests
- Code Review - Peer review process
- Monitoring - Continuous security monitoring
- Compliance - GDPR, HIPAA, PCI-DSS
- Incident Response - Clear procedures
- Documentation - Security policies
Resources
