secure-coding-java-skills

Secure Coding in Java — AI Skills for Claude Code

A collection of Claude Code skills that provide interactive, AI-assisted guidance on secure coding practices in Java, aligned with the OWASP Top 10:2025.

What Are These Skills?

These are Claude Code skills — structured knowledge files that Claude can load during coding sessions to provide context-aware security guidance. When a developer is working on authentication, input validation, cryptography, or any security-sensitive area, Claude can draw on these skills to offer specific, actionable advice with Spring Boot / Spring Security examples.

OWASP Top 10:2025 Coverage

#    Risk                                    Skill
A01  Broken Access Control                   a01-broken-access-control
A02  Security Misconfiguration               a02-security-misconfiguration
A03  Software Supply Chain Failures          a03-supply-chain-failures
A04  Cryptographic Failures                  a04-cryptographic-failures
A05  Injection                               a05-injection
A06  Insecure Design                         a06-insecure-design
A07  Authentication Failures                 a07-authentication-failures
A08  Software or Data Integrity Failures     a08-integrity-failures
A09  Security Logging and Alerting Failures  a09-logging-alerting-failures
A10  Mishandling of Exceptional Conditions   a10-exceptional-conditions

Each Skill Covers

Installation

As a Claude Code Plugin

Clone this repo and point Claude Code at the skills directory:

git clone https://github.com/Cycubix-LTD/secure-coding-java-skills.git

Then add to your Claude Code project settings (.claude/settings.json):

{
  "skills": [
    "./secure-coding-java-skills/skills"
  ]
}

Individual Skills

You can also copy individual skill folders into your project’s .claude/skills/ directory.

Structure

secure-coding-java-skills/
├── README.md
├── LICENSE
├── skills/
│   ├── secure-coding-java/          # Master skill (routes to sub-skills)
│   │   └── SKILL.md
│   ├── a01-broken-access-control/
│   │   ├── SKILL.md
│   │   └── references/
│   │       └── examples.md
│   ├── a02-security-misconfiguration/
│   │   ├── SKILL.md
│   │   └── references/
│   │       └── examples.md
│   ... (one folder per OWASP Top 10 category)

Target Audience

Java developers working with Spring Boot and Spring Security who want to build secure applications. The examples use modern Spring Boot 3.x conventions and the Jakarta EE namespace.

Contributing

Contributions are welcome! Please open an issue or pull request on GitHub.

License

This project is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License — see the LICENSE file for details.

Credits