Spring Security best practices for authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security in Java Spring Boot services.
57
48%
Does it follow best practices?
Impact: Pending (no eval scenarios have been run)
Passed: no known issues
JWT authentication and security configuration
| Check | First score | Second score |
|---|---|---|
| OncePerRequestFilter | 100% | 100% |
| Bearer extraction | 100% | 100% |
| Stateless session | 100% | 100% |
| CSRF disabled | 100% | 100% |
| Content Security Policy | 0% | 100% |
| Additional security headers | 100% | 100% |
| CORS via bean | 100% | 100% |
| No wildcard CORS origin | 100% | 100% |
| Externalized secrets | 100% | 100% |
| Deny by default | 100% | 100% |
Input validation, password encoding, and method security
| Check | First score | Second score |
|---|---|---|
| @Valid on controller | 100% | 100% |
| @NotBlank constraint | 100% | 100% |
| @Email constraint | 100% | 100% |
| Size or range constraint | 100% | 100% |
| Password hashed | 100% | 100% |
| PasswordEncoder bean | 100% | 100% |
| BCrypt cost factor 12 | 0% | 100% |
| @EnableMethodSecurity | 100% | 100% |
| @PreAuthorize on admin endpoints | 100% | 100% |
| Parameterized queries | 100% | 100% |
Rate limiting and secure audit logging
| Check | First score | Second score |
|---|---|---|
| Bucket4j dependency | 100% | 100% |
| OncePerRequestFilter | 0% | 100% |
| HTTP 429 on limit exceeded | 100% | 100% |
| Retry hint in response | 100% | 100% |
| Burst logging | 0% | 100% |
| Per-client bucketing | 100% | 100% |
| No credentials in logs | 100% | 100% |
| Sensitive fields redacted | 100% | 100% |
| Structured log format | 100% | 100% |
| IMPLEMENTATION_NOTES content | 100% | 100% |
79cc4e3