Found 5212 skills
igbuend
Provides a security pattern for implementing Message Authentication Codes (MACs) to verify data integrity and authenticate message origin using shared secrets.
igbuend
Detects encoding bypass vulnerabilities (CWE-838) by identifying validation-before-normalization and double-encoding issues in URL and character set processing.
igbuend
Enables stateless authentication using self-contained tokens (e.g., JWT) with embedded claims for serverless verification without session storage.
igbuend
Provides a security pattern for input validation and sanitization to prevent injection attacks (SQL, XSS, command) and ensure data integrity from untrusted sources.
igbuend
Enforces secure resource access by combining session-based authentication with authorization checks for protected resources.
igbuend
Provides a security pattern for server-side token authentication using opaque tokens, enabling session management and immediate token revocation.
igbuend
Provides security patterns for managing cryptographic keys throughout their lifecycle, including generation, storage, distribution, and usage.
igbuend
Provides security patterns for implementing access control and authorization, including RBAC/ABAC, to prevent unauthorized access and privilege escalation.
igbuend
Guides secure implementation of authentication mechanisms, covering design, verification, and OWASP flaw mitigation for user identity and system access.
igbuend
Filters sensitive data in API responses to prevent excessive exposure, ensuring data minimization and OWASP API3:2019 compliance.
igbuend
Provides a security pattern for implementing encryption and decryption with configurable algorithms, cipher modes, and key management to ensure data confidentiality.
igbuend
Provides channel-level encryption (TLS/SSH) for securing all endpoint communications, preventing data leaks in transit.
igbuend
Detects type confusion vulnerabilities (CWE-843) in dynamic language code by identifying weak typing and type coercion risks during review or generation.
igbuend
Detects critical security anti-patterns in OAuth/OIDC flows, including missing CSRF protection and insecure redirect handling.
igbuend
Provides a secure pattern for password-based authentication, including hashing, salting, peppering, and password policies for login systems.
igbuend
Provides a security pattern for digital signatures to verify authenticity and integrity of documents, code, or messages via asymmetric cryptography.
igbuend
Detects hardcoded credentials and secrets in code, recommending secure alternatives like environment variables or secret managers to prevent security vulnerabilities.
igbuend
Provides a base security pattern for integrating cryptographic primitives (encryption, digital signatures, MACs) with guidance on library selection and key management.
igbuend
Detects unsafe string concatenation in SQL queries and recommends parameterized queries to prevent SQL injection attacks.
igbuend
Identifies catastrophic backtracking patterns in regex to prevent Regular Expression Denial of Service (ReDoS) attacks during code generation and review.
igbuend
Detects and prevents security vulnerabilities from verbose error messages that expose stack traces and sensitive information to end-users.
igbuend
Detects missing input validation in code, a critical security anti-pattern (CWE-20), to prevent common attack vectors.
igbuend
Provides transparent encryption at rest (TDE, full-disk, database) without application changes, mitigating data leakage risks.
igbuend
Detects second-order injection vulnerabilities in code that uses internal data in subsequent queries without proper sanitization.