REST API security hardening with authentication, rate limiting, input validation, and security headers. Use for production APIs, security audits, defense-in-depth, or when encountering vulnerabilities, injection attacks, or CORS issues.
95
93%
Does it follow best practices?
Impact
96%
1.21x average score across 3 eval scenarios
Passed
No known issues
Express security middleware stack
- Uses helmet: 100% / 100%
- Uses mongoSanitize: 100% / 100%
- Uses xss-clean: 100% / 100%
- General API rate limit: 87% / 100%
- Auth route rate limit: 50% / 100%
- Uses express-validator: 100% / 100%
- Email validation: 100% / 100%
- Password length and complexity: 100% / 100%
- Name sanitization: 62% / 100%
- 400 on validation error: 100% / 100%
- No secrets in code: 100% / 100%
FastAPI security hardening
- TrustedHostMiddleware: 100% / 100%
- CORSMiddleware origins: 100% / 100%
- slowapi rate limiter: 100% / 100%
- User creation rate limit: 50% / 100%
- Security headers middleware: 0% / 100%
- X-Frame-Options header: 0% / 100%
- HSTS header: 0% / 100%
- EmailStr type: 0% / 100%
- Password strength rules: 100% / 100%
- HPP prevention: 46% / 100%
Nginx security configuration
- TLS protocols: 100% / 100%
- Cipher suites: 100% / 100%
- Server cipher preference: 100% / 100%
- Request body size limit: 100% / 100%
- Client timeouts: 100% / 100%
- Method filtering: 80% / 40%
- Rate limit zone: 100% / 60%
- Security headers: 100% / 100%
- HSTS header: 100% / 100%
- CSP header: 0% / 100%
- HTTP to HTTPS redirect: 100% / 100%
90d6bd7