Add .opencode/rules/security.md
This commit is contained in:
22
.opencode/rules/security.md
Normal file
22
.opencode/rules/security.md
Normal file
@@ -0,0 +1,22 @@
|
|||||||
|
# Security Rules
|
||||||
|
|
||||||
|
## Generell
|
||||||
|
|
||||||
|
- Nie Secrets in Git
|
||||||
|
- Input immer validieren
|
||||||
|
- Output immer escapen
|
||||||
|
|
||||||
|
## XSS
|
||||||
|
|
||||||
|
- HTML specialchars() für User-Input in HTML
|
||||||
|
- Content-Security-Policy Header setzen
|
||||||
|
|
||||||
|
## CSRF
|
||||||
|
|
||||||
|
- CSRF Token bei Forms
|
||||||
|
- SameSite=Cookie
|
||||||
|
|
||||||
|
## SQL Injection
|
||||||
|
|
||||||
|
- Prepared Statements immer nutzen
|
||||||
|
- Nie User-Input direkt in SQL
|
||||||
Reference in New Issue
Block a user