This is a comprehensive secure coding checklist that walks you through hardening Java applications against common vulnerabilities. It covers the essentials: input validation, injection defenses with PreparedStatement, sound cryptography (BCrypt and AES-GCM rather than deprecated algorithms), secrets management via environment variables, safe deserialization with allow-lists, and XSS prevention through output encoding. The workflow builds in its own safety checks, requiring a clean compile before touching anything and a full verify after changes. It's built for code reviews where you need to scan systematically for security gaps rather than chase individual bugs. Juan Antonio Breña Moral maintains this as part of the cursor-rules-java project.
npx skills add https://github.com/jabrena/cursor-rules-java --skill 124-java-secure-coding