A practitioner's guide to application security grounded in the OWASP Top 10 2021. This skill gives you code-level patterns for preventing injection attacks, XSS, CSRF, SSRF, broken authentication, and the rest of the usual suspects. It includes threat modeling basics, a security headers quick reference, and concrete examples in TypeScript showing parameterized queries, context-aware output encoding, and allowlist-based validation. The approach is defense in depth with multiple independent controls. Best when you're implementing auth flows, reviewing code for vulnerabilities, or trying to find out which CSP directive actually stops inline scripts. Stays at the application layer, so network security and secrets rotation live elsewhere.
npx skills add https://github.com/absolutelyskilled/absolutelyskilled --skill appsec-owasp