security-practices

Security, QA & Best Practices Skill

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "security-practices" with this command: npx skills add pluginagentmarketplace/custom-plugin-typescript/pluginagentmarketplace-custom-plugin-typescript-security-practices

Quick Start - Secure Authentication

import bcrypt from 'bcrypt';
import jwt from 'jsonwebtoken';

// Hash password (second argument is the bcrypt cost factor)
const password = 'user_password';
const hash = await bcrypt.hash(password, 10);

// Verify password
const isValid = await bcrypt.compare(password, hash);

// Issue JWT
const token = jwt.sign(
  { userId: 1, email: 'user@example.com' },
  process.env.JWT_SECRET,
  { expiresIn: '24h', algorithm: 'HS256' }
);

// Verify JWT, accepting only the algorithm the token was issued with
const decoded = jwt.verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] });

Core Technologies

Security Tools

  • Burp Suite

  • OWASP ZAP

  • Snort/Suricata

  • Nmap

Testing Frameworks

  • Selenium / Cypress

  • Jest / pytest

  • JMeter / Gatling

  • Postman / Insomnia

Code Quality

  • SonarQube

  • ESLint / Prettier

  • Pylint / Black

Best Practices

  • OWASP Top 10 - Know and prevent vulnerabilities

  • Secure Coding - Input validation, parameterized queries

  • Testing - Unit, integration, and E2E tests

  • Code Review - Peer review process

  • Monitoring - Continuous security monitoring

  • Compliance - GDPR, HIPAA, PCI-DSS

  • Incident Response - Clear procedures

  • Documentation - Security policies

Resources

  • OWASP Top 10

  • Burp Suite Documentation

  • SonarQube Documentation

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
