Security Cursor Rules
Security-focused Cursor rules: input validation, secrets management, auth patterns, and OWASP best practices.
- Validate and sanitize all user input at the boundary; use allow-lists, not block-lists
- Never log sensitive data: passwords, tokens, PII, credit card numbers
- Store secrets in environment variables or secret managers; never in code
- Hash passwords with bcrypt/argon2id; never MD5 or SHA-1 for passwords
- Use HTTPS everywhere; set secure, httpOnly, SameSite cookies
- Implement rate limiting on all auth endpoints; add CAPTCHA for sensitive actions
- Follow least-privilege for all service accounts and IAM roles
- Add security headers: CSP, HSTS, X-Frame-Options, X-Content-Type-Options
How to use with Cursor
Create a `.cursorrules` file in your project root and paste these rules. Cursor reads this automatically on every AI interaction.