diff --git a/.opencode/rules/security.md b/.opencode/rules/security.md new file mode 100644 index 0000000..a96803d --- /dev/null +++ b/.opencode/rules/security.md @@ -0,0 +1,22 @@ +# Security Rules + +## Generell + +- Nie Secrets in Git +- Input immer validieren +- Output immer escapen + +## XSS + +- HTML specialchars() für User-Input in HTML +- Content-Security-Policy Header setzen + +## CSRF + +- CSRF Token bei Forms +- SameSite=Cookie + +## SQL Injection + +- Prepared Statements immer nutzen +- Nie User-Input direkt in SQL