# security > Security best practices - Author: Daniel - Repository: AgriciDaniel/claude-code-essentials-vs-code - Version: 20260130225743 - Stars: 0 - Forks: 0 - Last Updated: 2026-02-06 - Source: https://github.com/AgriciDaniel/claude-code-essentials-vs-code - Web: https://mule.run/skillshub/@@AgriciDaniel/claude-code-essentials-vs-code~security:20260130225743 --- --- name: security description: Security best practices --- Always check for and prevent: 1. SQL injection - use parameterized queries only 2. XSS - escape all user input in HTML output 3. CSRF - use tokens for state-changing requests 4. Hardcoded secrets - use environment variables 5. Insecure dependencies - check npm audit / pip audit 6. Missing input validation - validate all user inputs 7. Improper error exposure - don't leak stack traces 8. Missing authentication - verify auth on all protected routes 9. Broken access control - check authorization for every action 10. Sensitive data exposure - encrypt at rest and in transit