
# Security Guidelines

## Common Vulnerabilities

### SQL Injection

- Always use parameterized queries
- Never concatenate user input into SQL
- Use ORM frameworks when possible

### XSS (Cross-Site Scripting)

- Sanitize all user input
- Escape output in HTML contexts
- Use Content Security Policy headers

## Authentication

- Hash passwords with bcrypt or Argon2
- Implement rate limiting on auth endpoints
- Use secure session management
- Enable multi-factor authentication

## API Security

- Validate all input data
- Use HTTPS for all communications
- Implement proper CORS policies
- Rate limit API endpoints

## Sensitive Data

- Never log passwords or tokens
- Use environment variables for secrets
- Encrypt sensitive data at rest
- Implement proper access controls

## Security Tools

- Bandit: Python security linter
- Safety: Check dependencies for vulnerabilities
- OWASP ZAP: Web application security scanner