I've been diving deep into security courses and certifications lately: OWASP, DevSecOps pipelines, cloud security architecture, compliance frameworks. I also had the chance to work alongside a senior solution architect who helped me understand how these concepts connect in real-world production systems.
After absorbing all of that, I decided to group everything I've learned into a Claude Code skill that automatically activates whenever you're doing security-relevant work: building APIs, setting up auth, managing secrets, configuring CI/CD, integrating LLMs, or deploying to production. Think of it as a security co-pilot baked into your dev workflow.
What it covers (full SDLC):
- Planning — Threat modeling (STRIDE/PASTA), security requirements, compliance mapping
- Architecture — Least privilege, defense in depth, zero trust, encryption patterns
- Coding — Input validation, secrets management, supply chain security
- Testing — SAST/DAST/SCA tooling guidance, security-focused code review checklists
- CI/CD — Pipeline security gates, container hardening, IaC scanning
- Monitoring — SIEM, IDS/IPS, incident response plans
Includes deep-dive references for:
- REST API security & Swagger/OpenAPI hardening
- OWASP LLM Top 10 & prompt injection defense
- Data classification (Public/Internal/Confidential/Secret)
- IAM & API Gateway architecture patterns
- Compliance frameworks (GDPR, ISO 27001, PCI-DSS, SOC 2)
It's language/framework agnostic — works for any project.
GitHub: https://github.com/IyedGuezmir/secure-development-skill

Would love feedback — what security areas would you want covered that aren't here?