OWASP安全最佳实践指南：代码审查清单、漏洞预防与AI安全（2025-2026）

owasp-security by agamm/claude-code-owasp

205 周安装量

31 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/agamm/claude-code-owasp --skill owasp-security

代码规范风险管理安全

🇨🇳中文介绍

OWASP 安全最佳实践技能

在编写或审查代码时应用这些安全标准。

快速参考：OWASP Top 10:2025

| 漏洞 | 关键预防措施

---|---|---
A01 | 访问控制失效 | 默认拒绝，服务器端强制执行，验证所有权
A02 | 安全配置错误 | 强化配置，禁用默认设置，最小化功能
A03 | 供应链故障 | 锁定版本，验证完整性，审计依赖项
A04 | 加密机制失效 | TLS 1.2+，AES-256-GCM，使用 Argon2/bcrypt 处理密码
A05 | 注入 | 参数化查询，输入验证，安全的 API
A06 | 不安全的设计 | 威胁建模，速率限制，设计安全控制
A07 | 身份验证失效 | 多因素认证，检查泄露的密码，安全的会话管理
A08 | 完整性失效 | 签名包，CDN 使用 SRI，安全的序列化
A09 | 日志记录与监控失效 | 记录安全事件，结构化格式，告警
A10 | 异常处理失效 | 失败即关闭，隐藏内部细节，记录上下文

安全代码审查清单

审查代码时，检查以下问题：

输入处理

所有用户输入都在服务器端进行验证
使用参数化查询（而非字符串拼接）
强制执行输入长度限制
优先使用允许列表验证而非拒绝列表

身份验证与会话

密码使用 Argon2/bcrypt 哈希（而非 MD5/SHA1）
会话令牌具有足够的熵（128+ 位）
登出时使会话失效
敏感操作支持多因素认证

访问控制

每次请求都检查授权
使用用户无法操纵的对象引用
默认拒绝策略
审查权限提升路径

数据保护

敏感数据静态加密
传输中数据全部使用 TLS
URL/日志中不包含敏感数据
密钥存储在环境变量/保险库中（而非代码中）

错误处理

不向用户暴露堆栈跟踪
错误时失败即关闭（拒绝，而非允许）
所有异常都记录上下文信息
一致的错误响应（避免枚举）

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

失败即关闭模式

# UNSAFE - Fail-open
def check_permission(user, resource):
    try:
        return auth_service.check(user, resource)
    except Exception:
        return True  # DANGEROUS!

# SAFE - Fail-closed
def check_permission(user, resource):
    try:
        return auth_service.check(user, resource)
    except Exception as e:
        logger.error(f"Auth check failed: {e}")
        return False  # Deny on error

智能体 AI 安全 (OWASP 2026)

构建或审查 AI 智能体系统时，检查以下内容：

风险	描述	缓解措施
ASI01: 目标劫持	提示注入改变智能体目标	输入净化，目标边界，行为监控
ASI02: 工具滥用	工具被用于非预期方式	最小权限，细粒度权限，验证输入/输出
ASI03: 权限滥用	跨智能体的凭据提升	短期范围令牌，身份验证
ASI04: 供应链	受感染的插件/MCP 服务器	验证签名，沙箱，插件允许列表
ASI05: 代码执行	不安全的代码生成/执行	沙箱执行，静态分析，人工批准
ASI06: 记忆中毒	损坏的 RAG/上下文数据	验证存储内容，按信任级别分段
ASI07: 智能体通信	智能体间的欺骗	身份验证，加密，验证消息完整性
ASI08: 级联故障	错误在系统间传播	断路器，优雅降级，隔离
ASI09: 信任利用	通过 AI 进行社会工程	标记 AI 内容，用户教育，验证步骤
ASI10: 恶意智能体	受感染的智能体执行恶意操作	行为监控，紧急停止开关，异常检测

智能体安全检查清单

所有智能体输入都经过净化和验证
工具以所需的最小权限运行
凭据是短期且限定范围的
第三方插件经过验证和沙箱化
代码执行在隔离环境中进行
智能体通信经过身份验证和加密
智能体组件之间有断路器
敏感操作需要人工批准
行为监控以检测异常
智能体系统具备紧急停止开关

ASVS 5.0 关键要求

级别 1（所有应用程序）

密码至少 12 个字符
检查是否在泄露密码列表中
身份验证实施速率限制
会话令牌熵值 128+ 位
全程使用 HTTPS

级别 2（敏感数据）

满足所有 L1 要求，外加：
敏感操作使用多因素认证
加密密钥管理
全面的安全日志记录
对所有参数进行输入验证

级别 3（关键系统）

满足所有 L1/L2 要求，外加：
密钥使用硬件安全模块
威胁建模文档
高级监控和告警
渗透测试验证

特定语言的安全特性

重要提示： 以下示例是说明性的起点，并非详尽无遗。审查代码时，要像高级安全研究员一样思考：考虑语言的内存模型、类型系统、标准库陷阱、生态系统特定的攻击向量以及历史上的 CVE 模式。每种语言都有比此处所列更深入的特性。

不同语言有独特的安全陷阱。以下是前 20 种语言的关键安全注意事项。针对您正在使用的特定语言进行更深入的研究：

JavaScript / TypeScript

主要风险： 原型污染，XSS，eval 注入

// UNSAFE: Prototype pollution
Object.assign(target, userInput)
// SAFE: Use null prototype or validate keys
Object.assign(Object.create(null), validated)

// UNSAFE: eval injection
eval(userCode)
// SAFE: Never use eval with user input

注意： eval()，innerHTML，document.write()，原型链操作，__proto__

主要风险： Pickle 反序列化，格式化字符串注入，shell 注入

# UNSAFE: Pickle RCE
pickle.loads(user_data)
# SAFE: Use JSON or validate source
json.loads(user_data)

# UNSAFE: Format string injection
query = "SELECT * FROM users WHERE name = '%s'" % user_input
# SAFE: Parameterized
cursor.execute("SELECT * FROM users WHERE name = %s", (user_input,))

注意： pickle，eval()，exec()，os.system()，subprocess 配合 shell=True

主要风险： 反序列化 RCE，XXE，JNDI 注入

// UNSAFE: Arbitrary deserialization
ObjectInputStream ois = new ObjectInputStream(userStream);
Object obj = ois.readObject();

// SAFE: Use allowlist or JSON
ObjectMapper mapper = new ObjectMapper();
mapper.readValue(json, SafeClass.class);

注意： ObjectInputStream，Runtime.exec()，没有 XXE 保护的 XML 解析器，JNDI 查找

主要风险： 反序列化，SQL 注入，路径遍历

// UNSAFE: BinaryFormatter RCE
BinaryFormatter bf = new BinaryFormatter();
object obj = bf.Deserialize(stream);

// SAFE: Use System.Text.Json
var obj = JsonSerializer.Deserialize<SafeType>(json);

注意： BinaryFormatter，JavaScriptSerializer，TypeNameHandling.All，原始 SQL 字符串

主要风险： 类型转换，文件包含，对象注入

// UNSAFE: Type juggling in auth
if ($password == $stored_hash) { ... }
// SAFE: Use strict comparison
if (hash_equals($stored_hash, $password)) { ... }

// UNSAFE: File inclusion
include($_GET['page'] . '.php');
// SAFE: Allowlist pages
$allowed = ['home', 'about']; include(in_array($page, $allowed) ? "$page.php" : 'home.php');

注意： == 与 ===，include/require，unserialize()，带 /e 的 preg_replace，extract()

主要风险： 竞态条件，模板注入，切片越界

// UNSAFE: Race condition
go func() { counter++ }()
// SAFE: Use sync primitives
atomic.AddInt64(&counter, 1)

// UNSAFE: Template injection
template.HTML(userInput)
// SAFE: Let template escape
{{.UserInput}}

注意： Goroutine 数据竞争，template.HTML()，unsafe 包，未检查的切片访问

主要风险： 批量赋值，YAML 反序列化，正则表达式 DoS

# UNSAFE: Mass assignment
User.new(params[:user])
# SAFE: Strong parameters
User.new(params.require(:user).permit(:name, :email))

# UNSAFE: YAML RCE
YAML.load(user_input)
# SAFE: Use safe_load
YAML.safe_load(user_input)

注意： YAML.load，Marshal.load，eval，使用用户输入的 send，.permit!

主要风险： Unsafe 块，FFI 边界问题，发布版本中的整数溢出

// CAUTION: Unsafe bypasses safety
unsafe { ptr::read(user_ptr) }

// CAUTION: Release integer overflow
let x: u8 = 255;
let y = x + 1; // Wraps to 0 in release!
// SAFE: Use checked arithmetic
let y = x.checked_add(1).unwrap_or(255);

注意： unsafe 块，FFI 调用，发布版本中的整数溢出，对不受信任输入的 .unwrap()

主要风险： 强制解包崩溃，Objective-C 互操作

// UNSAFE: Force unwrap on untrusted data
let value = jsonDict["key"]!
// SAFE: Safe unwrapping
guard let value = jsonDict["key"] else { return }

// UNSAFE: Format string
String(format: userInput, args)
// SAFE: Don't use user input as format

注意： 强制解包 (!)，try!，ObjC 桥接，NSSecureCoding 误用

主要风险： 空安全绕过，Java 互操作，序列化

// UNSAFE: Platform type from Java
val len = javaString.length // NPE if null
// SAFE: Explicit null check
val len = javaString?.length ?: 0

// UNSAFE: Reflection
clazz.getDeclaredMethod(userInput)
// SAFE: Allowlist methods

注意： Java 互操作空值 (! 操作符)，反射，序列化，平台类型

主要风险： 缓冲区溢出，释放后使用，格式化字符串

// UNSAFE: Buffer overflow
char buf[10]; strcpy(buf, userInput);
// SAFE: Bounds checking
strncpy(buf, userInput, sizeof(buf) - 1);

// UNSAFE: Format string
printf(userInput);
// SAFE: Always use format specifier
printf("%s", userInput);

注意： strcpy，sprintf，gets，指针运算，手动内存管理，整数溢出

主要风险： XML 外部实体，序列化，模式匹配完备性

// UNSAFE: XXE
val xml = XML.loadString(userInput)
// SAFE: Disable external entities
val factory = SAXParserFactory.newInstance()
factory.setFeature("http://xml.org/sax/features/external-general-entities", false)

注意： Java 互操作问题，XML 解析，Serializable，完备的模式匹配

主要风险： 代码注入，文件路径操作

# UNSAFE: eval injection
eval(parse(text = user_input))
# SAFE: Never parse user input as code

# UNSAFE: Path traversal
read.csv(paste0("data/", user_file))
# SAFE: Validate filename
if (grepl("^[a-zA-Z0-9]+\\.csv$", user_file)) read.csv(...)

注意： eval()，parse()，source()，system()，文件路径操作

主要风险： 正则表达式注入，open() 注入，污染模式绕过

# UNSAFE: Regex DoS
$input =~ /$user_pattern/;
# SAFE: Use quotemeta
$input =~ /\Q$user_pattern\E/;

# UNSAFE: open() command injection
open(FILE, $user_file);
# SAFE: Three-argument open
open(my $fh, '<', $user_file);

注意： 双参数 open()，来自用户输入的正则表达式，反引号，eval，禁用的污染模式

主要风险： 命令注入，单词分割，通配符扩展

# UNSAFE: Unquoted variables
rm $user_file
# SAFE: Always quote
rm "$user_file"

# UNSAFE: eval
eval "$user_command"
# SAFE: Never eval user input

注意： 未引用的变量，eval，反引号，使用用户输入的 $(...)，缺少 set -euo pipefail

主要风险： 沙箱逃逸，loadstring 注入

-- UNSAFE: Code injection
loadstring(user_code)()
-- SAFE: Use sandboxed environment with restricted functions

注意： loadstring，loadfile，dofile，os.execute，io 库，调试库

主要风险： 原子耗尽，代码注入，ETS 访问

# UNSAFE: Atom exhaustion DoS
String.to_atom(user_input)
# SAFE: Use existing atoms only
String.to_existing_atom(user_input)

# UNSAFE: Code injection
Code.eval_string(user_input)
# SAFE: Never eval user input

注意： String.to_atom，Code.eval_string，:erlang.binary_to_term，ETS 公共表

主要风险： 平台通道注入，不安全存储

// UNSAFE: Storing secrets in SharedPreferences
prefs.setString('auth_token', token);
// SAFE: Use flutter_secure_storage
secureStorage.write(key: 'auth_token', value: token);

注意： 平台通道数据，dart:mirrors，Function.apply，不安全的本地存储

主要风险： 命令注入，执行策略绕过

# UNSAFE: Injection
Invoke-Expression $userInput
# SAFE: Avoid Invoke-Expression with user data

# UNSAFE: Unvalidated path
Get-Content $userPath
# SAFE: Validate path is within allowed directory

注意： Invoke-Expression，& $userVar，使用用户参数的 Start-Process，-ExecutionPolicy Bypass

主要风险： 注入，权限提升，数据泄露

-- UNSAFE: String concatenation
"SELECT * FROM users WHERE id = " + userId

-- SAFE: Parameterized query (language-specific)
-- Use prepared statements in ALL cases

注意： 动态 SQL，EXECUTE IMMEDIATE，包含动态查询的存储过程，权限授予

深度安全分析思维模式

审查任何语言时，像高级安全研究员一样思考：

内存模型： 语言如何处理内存？托管 vs 手动？GC 暂停是否可利用？
类型系统： 弱类型 = 类型混淆攻击。寻找强制转换利用。
序列化： 每种语言都有其 pickle/Marshal 等价物。所有都危险。
并发性： 竞态条件，TOCTOU，特定于线程模型的原子性失败。
FFI 边界： 原生互操作是类型安全被破坏的地方。
标准库： 标准库中的历史 CVE（Python urllib，Java XML，Ruby OpenSSL）。
包生态系统： 域名抢注，依赖混淆，恶意包。
构建系统： 构建期间的 Makefile/gradle/npm 脚本注入。
运行时行为： 调试版与发布版的差异（Rust 溢出，C++ 断言）。
错误处理： 语言如何失败？静默失败？带堆栈跟踪？失败即开放？

对于任何未列出的语言： 研究其特定的 CWE 模式、CVE 历史和已知的陷阱。以上示例是入口点，并非完整覆盖。

何时应用此技能

在以下情况下使用此技能：

编写身份验证或授权代码时
处理用户输入或外部数据时
实现加密或密码存储时
审查代码中的安全漏洞时
设计 API 端点时
构建 AI 智能体系统时
配置应用程序安全设置时
处理错误和异常时
处理第三方依赖项时
使用任何语言工作时 - 应用上述深度分析思维模式

🇺🇸English

OWASP Security Best Practices Skill

Apply these security standards when writing or reviewing code.

Quick Reference: OWASP Top 10:2025

| Vulnerability | Key Prevention

---|---|---
A01 | Broken Access Control | Deny by default, enforce server-side, verify ownership
A02 | Security Misconfiguration | Harden configs, disable defaults, minimize features
A03 | Supply Chain Failures | Lock versions, verify integrity, audit dependencies
A04 | Cryptographic Failures | TLS 1.2+, AES-256-GCM, Argon2/bcrypt for passwords
A05 | Injection | Parameterized queries, input validation, safe APIs
A06 | Insecure Design | Threat model, rate limit, design security controls
A07 | Auth Failures | MFA, check breached passwords, secure sessions
A08 | Integrity Failures | Sign packages, SRI for CDN, safe serialization
A09 | Logging Failures | Log security events, structured format, alerting
A10 | Exception Handling | Fail-closed, hide internals, log with context

Security Code Review Checklist

When reviewing code, check for these issues:

Input Handling

All user input validated server-side
Using parameterized queries (not string concatenation)
Input length limits enforced
Allowlist validation preferred over denylist

Authentication & Sessions

Passwords hashed with Argon2/bcrypt (not MD5/SHA1)
Session tokens have sufficient entropy (128+ bits)
Sessions invalidated on logout
MFA available for sensitive operations

Access Control

Authorization checked on every request
Using object references user cannot manipulate
Deny by default policy
Privilege escalation paths reviewed

Data Protection

Sensitive data encrypted at rest
TLS for all data in transit
No sensitive data in URLs/logs
Secrets in environment/vault (not code)

Error Handling

No stack traces exposed to users
Fail-closed on errors (deny, not allow)
All exceptions logged with context
Consistent error responses (no enumeration)

Secure Code Patterns

SQL Injection Prevention

# UNSAFE
cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")

# SAFE
cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))

Command Injection Prevention

# UNSAFE
os.system(f"convert {filename} output.png")

# SAFE
subprocess.run(["convert", filename, "output.png"], shell=False)

Password Storage

# UNSAFE
hashlib.md5(password.encode()).hexdigest()

# SAFE
from argon2 import PasswordHasher
PasswordHasher().hash(password)

Access Control

# UNSAFE - No authorization check
@app.route('/api/user/<user_id>')
def get_user(user_id):
    return db.get_user(user_id)

# SAFE - Authorization enforced
@app.route('/api/user/<user_id>')
@login_required
def get_user(user_id):
    if current_user.id != user_id and not current_user.is_admin:
        abort(403)
    return db.get_user(user_id)

Error Handling

# UNSAFE - Exposes internals
@app.errorhandler(Exception)
def handle_error(e):
    return str(e), 500

# SAFE - Fail-closed, log context
@app.errorhandler(Exception)
def handle_error(e):
    error_id = uuid.uuid4()
    logger.exception(f"Error {error_id}: {e}")
    return {"error": "An error occurred", "id": str(error_id)}, 500

Fail-Closed Pattern

# UNSAFE - Fail-open
def check_permission(user, resource):
    try:
        return auth_service.check(user, resource)
    except Exception:
        return True  # DANGEROUS!

# SAFE - Fail-closed
def check_permission(user, resource):
    try:
        return auth_service.check(user, resource)
    except Exception as e:
        logger.error(f"Auth check failed: {e}")
        return False  # Deny on error

Agentic AI Security (OWASP 2026)

When building or reviewing AI agent systems, check for:

Risk	Description	Mitigation
ASI01: Goal Hijack	Prompt injection alters agent objectives	Input sanitization, goal boundaries, behavioral monitoring
ASI02: Tool Misuse	Tools used in unintended ways	Least privilege, fine-grained permissions, validate I/O
ASI03: Privilege Abuse	Credential escalation across agents	Short-lived scoped tokens, identity verification
ASI04: Supply Chain	Compromised plugins/MCP servers	Verify signatures, sandbox, allowlist plugins
ASI05: Code Execution	Unsafe code generation/execution	Sandbox execution, static analysis, human approval
ASI06: Memory Poisoning	Corrupted RAG/context data	Validate stored content, segment by trust level
ASI07: Agent Comms	Spoofing between agents	Authenticate, encrypt, verify message integrity
ASI08: Cascading Failures	Errors propagate across systems

Agent Security Checklist

All agent inputs sanitized and validated
Tools operate with minimum required permissions
Credentials are short-lived and scoped
Third-party plugins verified and sandboxed
Code execution happens in isolated environments
Agent communications authenticated and encrypted
Circuit breakers between agent components
Human approval for sensitive operations
Behavior monitoring for anomaly detection
Kill switch available for agent systems

ASVS 5.0 Key Requirements

Level 1 (All Applications)

Passwords minimum 12 characters
Check against breached password lists
Rate limiting on authentication
Session tokens 128+ bits entropy
HTTPS everywhere

Level 2 (Sensitive Data)

All L1 requirements plus:
MFA for sensitive operations
Cryptographic key management
Comprehensive security logging
Input validation on all parameters

Level 3 (Critical Systems)

All L1/L2 requirements plus:
Hardware security modules for keys
Threat modeling documentation
Advanced monitoring and alerting
Penetration testing validation

Language-Specific Security Quirks

Important: The examples below are illustrative starting points, not exhaustive. When reviewing code, think like a senior security researcher: consider the language's memory model, type system, standard library pitfalls, ecosystem-specific attack vectors, and historical CVE patterns. Each language has deeper quirks beyond what's listed here.

Different languages have unique security pitfalls. Here are the top 20 languages with key security considerations. Go deeper for the specific language you're working in:

JavaScript / TypeScript

Main Risks: Prototype pollution, XSS, eval injection

// UNSAFE: Prototype pollution
Object.assign(target, userInput)
// SAFE: Use null prototype or validate keys
Object.assign(Object.create(null), validated)

// UNSAFE: eval injection
eval(userCode)
// SAFE: Never use eval with user input

Watch for: eval(), innerHTML, document.write(), prototype chain manipulation, __proto__

Python

Main Risks: Pickle deserialization, format string injection, shell injection

# UNSAFE: Pickle RCE
pickle.loads(user_data)
# SAFE: Use JSON or validate source
json.loads(user_data)

# UNSAFE: Format string injection
query = "SELECT * FROM users WHERE name = '%s'" % user_input
# SAFE: Parameterized
cursor.execute("SELECT * FROM users WHERE name = %s", (user_input,))

Watch for: pickle, eval(), exec(), os.system(), subprocess with shell=True

Java

Main Risks: Deserialization RCE, XXE, JNDI injection

// UNSAFE: Arbitrary deserialization
ObjectInputStream ois = new ObjectInputStream(userStream);
Object obj = ois.readObject();

// SAFE: Use allowlist or JSON
ObjectMapper mapper = new ObjectMapper();
mapper.readValue(json, SafeClass.class);

Watch for: ObjectInputStream, Runtime.exec(), XML parsers without XXE protection, JNDI lookups

C#

Main Risks: Deserialization, SQL injection, path traversal

// UNSAFE: BinaryFormatter RCE
BinaryFormatter bf = new BinaryFormatter();
object obj = bf.Deserialize(stream);

// SAFE: Use System.Text.Json
var obj = JsonSerializer.Deserialize<SafeType>(json);

Watch for: BinaryFormatter, JavaScriptSerializer, TypeNameHandling.All, raw SQL strings

PHP

Main Risks: Type juggling, file inclusion, object injection

// UNSAFE: Type juggling in auth
if ($password == $stored_hash) { ... }
// SAFE: Use strict comparison
if (hash_equals($stored_hash, $password)) { ... }

// UNSAFE: File inclusion
include($_GET['page'] . '.php');
// SAFE: Allowlist pages
$allowed = ['home', 'about']; include(in_array($page, $allowed) ? "$page.php" : 'home.php');

Watch for: == vs ===, include/require, unserialize(), preg_replace with /e, extract()

Go

Main Risks: Race conditions, template injection, slice bounds

// UNSAFE: Race condition
go func() { counter++ }()
// SAFE: Use sync primitives
atomic.AddInt64(&counter, 1)

// UNSAFE: Template injection
template.HTML(userInput)
// SAFE: Let template escape
{{.UserInput}}

Watch for: Goroutine data races, template.HTML(), unsafe package, unchecked slice access

Ruby

Main Risks: Mass assignment, YAML deserialization, regex DoS

# UNSAFE: Mass assignment
User.new(params[:user])
# SAFE: Strong parameters
User.new(params.require(:user).permit(:name, :email))

# UNSAFE: YAML RCE
YAML.load(user_input)
# SAFE: Use safe_load
YAML.safe_load(user_input)

Watch for: YAML.load, Marshal.load, eval, send with user input, .permit!

Rust

Main Risks: Unsafe blocks, FFI boundary issues, integer overflow in release

// CAUTION: Unsafe bypasses safety
unsafe { ptr::read(user_ptr) }

// CAUTION: Release integer overflow
let x: u8 = 255;
let y = x + 1; // Wraps to 0 in release!
// SAFE: Use checked arithmetic
let y = x.checked_add(1).unwrap_or(255);

Watch for: unsafe blocks, FFI calls, integer overflow in release builds, .unwrap() on untrusted input

Swift

Main Risks: Force unwrapping crashes, Objective-C interop

// UNSAFE: Force unwrap on untrusted data
let value = jsonDict["key"]!
// SAFE: Safe unwrapping
guard let value = jsonDict["key"] else { return }

// UNSAFE: Format string
String(format: userInput, args)
// SAFE: Don't use user input as format

Watch for: force unwrap (!), try!, ObjC bridging, NSSecureCoding misuse

Kotlin

Main Risks: Null safety bypass, Java interop, serialization

// UNSAFE: Platform type from Java
val len = javaString.length // NPE if null
// SAFE: Explicit null check
val len = javaString?.length ?: 0

// UNSAFE: Reflection
clazz.getDeclaredMethod(userInput)
// SAFE: Allowlist methods

Watch for: Java interop nulls (! operator), reflection, serialization, platform types

C / C++

Main Risks: Buffer overflow, use-after-free, format string

// UNSAFE: Buffer overflow
char buf[10]; strcpy(buf, userInput);
// SAFE: Bounds checking
strncpy(buf, userInput, sizeof(buf) - 1);

// UNSAFE: Format string
printf(userInput);
// SAFE: Always use format specifier
printf("%s", userInput);

Watch for: strcpy, sprintf, gets, pointer arithmetic, manual memory management, integer overflow

Scala

Main Risks: XML external entities, serialization, pattern matching exhaustiveness

// UNSAFE: XXE
val xml = XML.loadString(userInput)
// SAFE: Disable external entities
val factory = SAXParserFactory.newInstance()
factory.setFeature("http://xml.org/sax/features/external-general-entities", false)

Watch for: Java interop issues, XML parsing, Serializable, exhaustive pattern matching

R

Main Risks: Code injection, file path manipulation

# UNSAFE: eval injection
eval(parse(text = user_input))
# SAFE: Never parse user input as code

# UNSAFE: Path traversal
read.csv(paste0("data/", user_file))
# SAFE: Validate filename
if (grepl("^[a-zA-Z0-9]+\\.csv$", user_file)) read.csv(...)

Watch for: eval(), parse(), source(), system(), file path manipulation

Perl

Main Risks: Regex injection, open() injection, taint mode bypass

# UNSAFE: Regex DoS
$input =~ /$user_pattern/;
# SAFE: Use quotemeta
$input =~ /\Q$user_pattern\E/;

# UNSAFE: open() command injection
open(FILE, $user_file);
# SAFE: Three-argument open
open(my $fh, '<', $user_file);

Watch for: Two-arg open(), regex from user input, backticks, eval, disabled taint mode

Shell (Bash)

Main Risks: Command injection, word splitting, globbing

# UNSAFE: Unquoted variables
rm $user_file
# SAFE: Always quote
rm "$user_file"

# UNSAFE: eval
eval "$user_command"
# SAFE: Never eval user input

Watch for: Unquoted variables, eval, backticks, $(...) with user input, missing set -euo pipefail

Lua

Main Risks: Sandbox escape, loadstring injection

-- UNSAFE: Code injection
loadstring(user_code)()
-- SAFE: Use sandboxed environment with restricted functions

Watch for: loadstring, loadfile, dofile, os.execute, io library, debug library

Elixir

Main Risks: Atom exhaustion, code injection, ETS access

# UNSAFE: Atom exhaustion DoS
String.to_atom(user_input)
# SAFE: Use existing atoms only
String.to_existing_atom(user_input)

# UNSAFE: Code injection
Code.eval_string(user_input)
# SAFE: Never eval user input

Watch for: String.to_atom, Code.eval_string, :erlang.binary_to_term, ETS public tables

Dart / Flutter

Main Risks: Platform channel injection, insecure storage

// UNSAFE: Storing secrets in SharedPreferences
prefs.setString('auth_token', token);
// SAFE: Use flutter_secure_storage
secureStorage.write(key: 'auth_token', value: token);

Watch for: Platform channel data, dart:mirrors, Function.apply, insecure local storage

PowerShell

Main Risks: Command injection, execution policy bypass

# UNSAFE: Injection
Invoke-Expression $userInput
# SAFE: Avoid Invoke-Expression with user data

# UNSAFE: Unvalidated path
Get-Content $userPath
# SAFE: Validate path is within allowed directory

Watch for: Invoke-Expression, & $userVar, Start-Process with user args, -ExecutionPolicy Bypass

SQL (All Dialects)

Main Risks: Injection, privilege escalation, data exfiltration

-- UNSAFE: String concatenation
"SELECT * FROM users WHERE id = " + userId

-- SAFE: Parameterized query (language-specific)
-- Use prepared statements in ALL cases

Watch for: Dynamic SQL, EXECUTE IMMEDIATE, stored procedures with dynamic queries, privilege grants

Deep Security Analysis Mindset

When reviewing any language, think like a senior security researcher:

Memory Model: How does the language handle memory? Managed vs manual? GC pauses exploitable?
Type System: Weak typing = type confusion attacks. Look for coercion exploits.
Serialization: Every language has its pickle/Marshal equivalent. All are dangerous.
Concurrency: Race conditions, TOCTOU, atomicity failures specific to the threading model.
FFI Boundaries: Native interop is where type safety breaks down.
Standard Library: Historic CVEs in std libs (Python urllib, Java XML, Ruby OpenSSL).
Package Ecosystem: Typosquatting, dependency confusion, malicious packages.
Build System: Makefile/gradle/npm script injection during builds.
Runtime Behavior: Debug vs release differences (Rust overflow, C++ assertions).
Error Handling: How does the language fail? Silently? With stack traces? Fail-open?

For any language not listed: Research its specific CWE patterns, CVE history, and known footguns. The examples above are entry points, not complete coverage.

When to Apply This Skill

Use this skill when:

Writing authentication or authorization code
Handling user input or external data
Implementing cryptography or password storage
Reviewing code for security vulnerabilities
Designing API endpoints
Building AI agent systems
Configuring application security settings
Handling errors and exceptions
Working with third-party dependencies
Working in any language - apply the deep analysis mindset above

Weekly Installs

106

Repository

agamm/claude-code-owasp

GitHub Stars

First Seen

Feb 1, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

opencode88

gemini-cli86

codex85

cursor83

github-copilot81

claude-code80

Better Auth 最佳实践指南：集成、配置与安全设置完整教程

31,200 周安装

OWASP安全最佳实践指南：代码审查清单、漏洞预防与AI安全（2025-2026）

🇨🇳中文介绍

OWASP 安全最佳实践技能

快速参考：OWASP Top 10:2025

| 漏洞 | 关键预防措施

安全代码审查清单

输入处理

身份验证与会话

访问控制

数据保护

错误处理

相关 Skills

安全代码模式

SQL 注入预防

命令注入预防

密码存储

访问控制

错误处理

失败即关闭模式

智能体 AI 安全 (OWASP 2026)

智能体安全检查清单

ASVS 5.0 关键要求

级别 1（所有应用程序）

级别 2（敏感数据）

级别 3（关键系统）

特定语言的安全特性

JavaScript / TypeScript

Python

Java

C#

PHP

Go

Ruby

Rust

Swift

Kotlin

C / C++

Scala

R

Perl

Shell (Bash)

Lua

Elixir

Dart / Flutter

PowerShell

SQL (所有方言)

深度安全分析思维模式

何时应用此技能

🇺🇸English

OWASP Security Best Practices Skill

Quick Reference: OWASP Top 10:2025

| Vulnerability | Key Prevention

Security Code Review Checklist

Input Handling

Authentication & Sessions

Access Control

Data Protection

Error Handling

Secure Code Patterns

SQL Injection Prevention

Command Injection Prevention

Password Storage

Access Control

Error Handling

Fail-Closed Pattern

Agentic AI Security (OWASP 2026)

Agent Security Checklist

ASVS 5.0 Key Requirements

Level 1 (All Applications)

Level 2 (Sensitive Data)

Level 3 (Critical Systems)

Language-Specific Security Quirks

JavaScript / TypeScript

Python

Java

C#

PHP

Go

Ruby

Rust