Add .opencode/rules/security.md
This commit is contained in:
22
.opencode/rules/security.md
Normal file
22
.opencode/rules/security.md
Normal file
@@ -0,0 +1,22 @@
|
||||
# Security Rules
|
||||
|
||||
## Generell
|
||||
|
||||
- Nie Secrets in Git
|
||||
- Input immer validieren
|
||||
- Output immer escapen
|
||||
|
||||
## XSS
|
||||
|
||||
- HTML specialchars() für User-Input in HTML
|
||||
- Content-Security-Policy Header setzen
|
||||
|
||||
## CSRF
|
||||
|
||||
- CSRF Token bei Forms
|
||||
- SameSite=Cookie
|
||||
|
||||
## SQL Injection
|
||||
|
||||
- Prepared Statements immer nutzen
|
||||
- Nie User-Input direkt in SQL
|
||||
Reference in New Issue
Block a user