
security-principles
by exceptionless
Exceptionless application
⭐ 2,449🍴 513📅 Jan 22, 2026
SKILL.md
name: Security Principles
description: |
  Security best practices for the Exceptionless codebase. Secrets management, input validation, secure defaults, and avoiding common vulnerabilities.
  Keywords: security, secrets, encryption, PII, logging, input validation, secure defaults, environment variables, OWASP, cryptography
Security Principles
Secrets Management
Secrets are injected via Kubernetes ConfigMaps and environment variables — never commit secrets to the repository.
- Configuration files — Use appsettings.yml for non-secret config
- Environment variables — Secrets injected at runtime via EX_* prefix
- Kubernetes — ConfigMaps mount configuration, Secrets mount credentials
// AppOptions binds to configuration (including env vars)
public class AppOptions
{
    public string? StripeApiKey { get; set; }
    public AuthOptions Auth { get; set; } = new();
}
Validate All Inputs
- Check bounds and formats before processing
- Use ArgumentNullException.ThrowIfNull() and similar guards
- Validate early, fail fast
Sanitize External Data
- Never trust data from queues, caches, user input, or external sources
- Validate against expected schema
- Sanitize HTML/script content before storage or display
No Sensitive Data in Logs
- Never log passwords, tokens, API keys, or PII
- Log identifiers and prefixes, not full values
- Use structured logging with safe placeholders
Use Secure Defaults
- Default to encrypted connections (SSL/TLS enabled)
- Default to restrictive permissions
- Require explicit opt-out for security features
Avoid Deprecated Cryptographic Algorithms
Use modern cryptographic algorithms:
- ❌ MD5, SHA1 — Cryptographically broken
- ✅ SHA256, SHA512 — Current standards
Avoid Insecure Serialization
- ❌ BinaryFormatter — Insecure deserialization vulnerability
- ✅ System.Text.Json, Newtonsoft.Json — Safe serialization
Input Bounds Checking
- Enforce minimum/maximum values on pagination parameters
- Limit batch sizes to prevent resource exhaustion
- Validate string lengths before storage
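The guards listed under Validate All Inputs and Input Bounds Checking, sketched as an added example (not code from the Exceptionless repository). The class name, method names and limit values are hypothetical, and the ThrowIf* helpers assume .NET 8 or later.

```csharp
using System;
using System.Collections.Generic;

public static class RequestGuards
{
    // Hypothetical limits for illustration; not values from the Exceptionless codebase.
    public const int MaxPage = 10_000, MaxPageSize = 100, MaxBatchSize = 500, MaxNameLength = 256;

    // Reject out-of-range paging rather than passing it to the data store, so a
    // caller cannot request an unbounded page or an overflowing skip offset.
    public static (int Skip, int Take) ValidatePaging(int page, int limit)
    {
        ArgumentOutOfRangeException.ThrowIfLessThan(page, 1);
        ArgumentOutOfRangeException.ThrowIfGreaterThan(page, MaxPage);
        ArgumentOutOfRangeException.ThrowIfLessThan(limit, 1);
        ArgumentOutOfRangeException.ThrowIfGreaterThan(limit, MaxPageSize);
        return (checked((page - 1) * limit), limit);
    }

    // Cap the batch size before any item is processed (validate early, fail fast).
    public static IReadOnlyCollection<T> ValidateBatch<T>(IReadOnlyCollection<T>? items)
    {
        ArgumentNullException.ThrowIfNull(items);
        if (items.Count == 0 || items.Count > MaxBatchSize)
            throw new ArgumentOutOfRangeException(nameof(items), items.Count,
                $"Batch must contain between 1 and {MaxBatchSize} items.");
        return items;
    }

    // Check string length before the value reaches storage.
    public static string ValidateName(string? name)
    {
        ArgumentException.ThrowIfNullOrWhiteSpace(name);
        if (name.Length > MaxNameLength)
            throw new ArgumentException($"Name exceeds {MaxNameLength} characters.", nameof(name));
        return name;
    }
}

public static class Program
{
    public static void Main()
    {
        Console.WriteLine(RequestGuards.ValidatePaging(page: 3, limit: 25));
        try { RequestGuards.ValidatePaging(page: 1, limit: 1_000_000); }
        catch (ArgumentOutOfRangeException ex) { Console.WriteLine($"Rejected: {ex.ParamName}"); }
    }
}
```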
OWASP Reference
Review OWASP Top 10 regularly:
- Broken Access Control
- Cryptographic Failures
- Injection
- Insecure Design
- Security Misconfiguration
- Vulnerable and Outdated Components
- Identification and Authentication Failures
- Software and Data Integrity Failures
- Security Logging and Monitoring Failures
- Server-Side Request Forgery
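Score
Total Score: 80/100 (based on repository quality metrics)
- ✓ SKILL.md: a SKILL.md file is included (+20)
- ✓ LICENSE: a license is set (+10)
- ○ Description: has a description of 100 characters or more (0/10)
- ✓ Popularity: 1,000 or more GitHub stars (+15)
- ✓ Recent activity: updated within the last month (+10)
- ✓ Forks: forked 10 or more times (+5)
- ○ Issue management: fewer than 50 open issues (0/5)
- ✓ Language: a programming language is set (+5)
- ✓ Tags: one or more tags are set (+5)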


