Security Claude Rules
Security-focused Claude rules for any codebase: OWASP top 10, secrets management, auth, and vulnerability prevention.
CLAUDE.md
- Treat all external input as untrusted; validate shape, type, and range
- Use environment-specific secret management (Vault, AWS Secrets Manager, Doppler)
- Implement proper session management: short-lived tokens, refresh rotation
- Use constant-time comparison for security-sensitive string equality checks
- Apply Content Security Policy and review it regularly
- Audit dependencies weekly with npm audit, pip-audit, or cargo audit
- Log security events (failed logins, permission errors) to immutable audit log
- Perform threat modeling before building new authentication flows
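The following is an added example, not part of the rules file above, showing what two of the rules look like in code: the "validate shape, type, and range" rule and the "constant-time comparison" rule, applied to a constructed webhook receiver. The secret, field names, currency set and `MAX_AMOUNT_CENTS` limit are all assumptions made for the example; `verify_signature_naive` is kept only to show the pattern the rule tells Claude to avoid.

```python
"""Constructed example: an HMAC-signed webhook receiver applying two CLAUDE.md rules."""
import hashlib
import hmac
import json

# Constructed secret for the example only. Under the secrets-management rule this
# value would be loaded from Vault / AWS Secrets Manager / Doppler, never committed.
WEBHOOK_SECRET = b"constructed-example-secret-do-not-use"

# Assumed business limit used for range validation of the amount field.
MAX_AMOUNT_CENTS = 1_000_000
ALLOWED_CURRENCIES = {"USD", "EUR", "GBP"}  # assumed


class ValidationError(ValueError):
    """Raised when the untrusted body fails shape, type or range checks."""


def sign_body(body: bytes, secret: bytes = WEBHOOK_SECRET) -> str:
    """HMAC-SHA256 over the raw body, hex-encoded. The sender computes the same."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature_naive(body: bytes, provided_hex: str,
                           secret: bytes = WEBHOOK_SECRET) -> bool:
    """Anti-pattern the rule forbids: `==` returns at the first differing byte,
    so the comparison time depends on how long the matching prefix is."""
    return sign_body(body, secret) == provided_hex


def verify_signature(body: bytes, provided_hex: str,
                     secret: bytes = WEBHOOK_SECRET) -> bool:
    """Hardened form: hmac.compare_digest takes time independent of where
    the two strings differ (for equal-length inputs)."""
    if not isinstance(provided_hex, str):
        return False
    return hmac.compare_digest(sign_body(body, secret), provided_hex)


def parse_event(body: bytes) -> dict:
    """Treat the body as untrusted: check shape (required keys), type, and range."""
    try:
        data = json.loads(body)
    except ValueError as exc:  # json.JSONDecodeError and UnicodeDecodeError
        raise ValidationError("body is not valid JSON") from exc
    if not isinstance(data, dict):
        raise ValidationError("top-level value must be an object")

    required = {"event_id", "amount_cents", "currency"}
    missing = required - set(data)
    if missing:
        raise ValidationError(f"missing fields: {sorted(missing)}")

    event_id = data["event_id"]
    if not isinstance(event_id, str) or not event_id:
        raise ValidationError("event_id must be a non-empty string")

    amount = data["amount_cents"]
    # bool is a subclass of int in Python, so `true` would pass a plain int check.
    if isinstance(amount, bool) or not isinstance(amount, int):
        raise ValidationError("amount_cents must be an integer")
    if not 0 <= amount <= MAX_AMOUNT_CENTS:
        raise ValidationError("amount_cents out of range")

    currency = data["currency"]
    if currency not in ALLOWED_CURRENCIES:
        raise ValidationError("unsupported currency")

    # Return only the validated fields; unknown keys from the sender are dropped.
    return {"event_id": event_id, "amount_cents": amount, "currency": currency}


def handle_webhook(body: bytes, signature_header: str) -> dict:
    """Authenticate first, then parse: unauthenticated bytes never reach the parser."""
    if not verify_signature(body, signature_header):
        raise PermissionError("invalid signature")
    return parse_event(body)


if __name__ == "__main__":
    sample = b'{"event_id": "evt_1", "amount_cents": 2500, "currency": "USD"}'
    print(handle_webhook(sample, sign_body(sample)))
```

The order in `handle_webhook` matters: signature verification runs on the raw bytes before any JSON parsing, so a malformed or oversized body from an unauthenticated sender is rejected without exercising the parser at all.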
How to use with Claude
Create a `CLAUDE.md` file in your project root. Claude Code reads this on startup and follows your conventions throughout the session.
Tags: security, claude, owasp, auth, coding-rules
Related Rules
React Claude Rules
Claude rules for React: component design, state patterns, performance, and testing conventions in CLAUDE.md.
Architecture · react · claude
Next.js Claude Rules
Claude rules for Next.js App Router: streaming, server actions, caching, and production deployment patterns.
Architecture · nextjs · claude
Go Claude Rules
Claude rules for Go: project structure, error handling, testing, and idiomatic Go patterns.
Architecture · go · golang
Rust Claude Rules
Claude rules for Rust: zero-cost abstractions, async with Tokio, error types, and high-performance Rust patterns.
Performance · rust · tokio