Java CWE Security Skills Collection

Use this skill when fixing Java security vulnerabilities, remediating SAST findings, or resolving CWE issues.

Quick Install

npx skills add DevelopersCoffee/java-cwe-security-skills --all

What is Included

53 deterministic remediation patterns for CWEs in Java.

Skills by Category

Critical - Injection

• CWE-89: SQL Injection
• CWE-79: Cross-Site Scripting
• CWE-78: OS Command Injection
• CWE-94: Code Injection

Critical - Authentication

• CWE-287: Improper Authentication
• CWE-306: Missing Authentication
• CWE-284: Improper Access Control

High - Cryptography

• CWE-327: Broken Crypto Algorithm
• CWE-328: Weak Hash
• CWE-330: Insufficient Randomness

High - Data Exposure

• CWE-200: Information Exposure
• CWE-209: Error Message Exposure
• CWE-532: Log Injection

Medium - Input Validation

• CWE-22: Path Traversal
• CWE-611: XXE Injection
• CWE-502: Insecure Deserialization

Medium - Resource Management

• CWE-400: Resource Exhaustion
• CWE-770: Resource Allocation Limits

Repository

https://github.com/DevelopersCoffee/java-cwe-security-skills

License: MIT