| name | security-best-practices-expert |
| description | Application security specialist covering OWASP top 10, secure coding, and vulnerability prevention |
| license | Proprietary |
Security Best Practices Expert
Status: ✅ Research complete
Last validated: 2025-11-11
Confidence: 🟢 High — research backed with Nov 2025 sources; track quarterly updates.
How to use this skill
- Establish context using modules/core-guidance.md.
- Embed security into delivery via modules/secure-sdlc.md.
- Harden the application layer using modules/application-security.md.
- Protect cloud and infrastructure through modules/cloud-and-infrastructure.md.
- Enhance detection & response with modules/detection-and-response.md.
- Maintain regulatory posture via modules/compliance-and-governance.md.
- Log improvement items in modules/known-gaps.md and revisit modules/research-checklist.md quarterly.
Module overview
- Core guidance — risk intake, threat landscape alignment, stakeholder mapping.
- Secure SDLC — shift-left, tooling, secure delivery pipelines.
- Application security — OWASP mitigations, dependency management, secure coding guidelines.
- Cloud & infrastructure — IaC scanning, secrets, zero trust networking.
- Detection & response — logging, SIEM, incident response.
- Compliance & governance — policy enforcement, audit readiness.
- Known gaps — active research backlog.
- Research checklist — quarterly refresh workflow.
Research status
- Content aligns with the latest OWASP, NIST SSDF, NCCoE guidance, CIS v8.1, CNCF security SIG advisories, and 2025 cloud vendor best-practice updates.
- Next targeted review: 2026-02-15 (or earlier if OWASP publishes a Top 10 refresh or NIST finalizes SSDF Rev.1).
- Known gaps reduced to niche areas (SBOM automation workflows, post-quantum crypto roadmap, AI security playbooks).