# Security, forgehouse

> Close the holes before someone finds them. Login and access patterns, secrets management, threat mapping and the hardening checklists we run before every release.

The order here is deliberate: doors before alarms. Login and access control come first, then threat mapping and the hardening lists you run on every release. These are checklists written to be executed, not read once and shelved.

## Who this shelf is for
- Developer shipping a login system and unsure where the holes are
- Founder who needs a real threat assessment, not a compliance PDF
- Engineer hardening servers and infrastructure before an audit

## Where to start
There is no kit; start at the door. If your login is already live, begin with Auth Implementation Patterns, then map your exposure with Attack Tree Construction.

## Skills (22)
- [Anti Reversing Techniques](https://forgehouse.ai/skills/anti-reversing-techniques/), Understand anti-reversing, obfuscation, and protection techniques encountered during software…
- [Attack Tree Construction](https://forgehouse.ai/skills/attack-tree-construction/), Build comprehensive attack trees to visualize threat paths.
- [Auth Implementation Patterns](https://forgehouse.ai/skills/auth-implementation-patterns/), Master authentication and authorization patterns including JWT, OAuth2, session management…
- [Better Auth Best Practices](https://forgehouse.ai/skills/better-auth-best-practices/), Skill for integrating Better Auth, the comprehensive TypeScript authentication framework.
- [Binary Analysis Patterns](https://forgehouse.ai/skills/binary-analysis-patterns/), Master binary analysis patterns including disassembly, decompilation, control flow analysis…
- [Brain Snyk Trivy CI](https://forgehouse.ai/skills/brain-snyk-trivy-ci/), Configure Snyk + Trivy CI vulnerability scanning for Brain MCP servers, customer…
- [Create Auth Skill](https://forgehouse.ai/skills/create-auth-skill/), Skill for creating auth layers in TypeScript/JavaScript apps using Better Auth.
- [GDPR Data Handling](https://forgehouse.ai/skills/gdpr-data-handling/), Implement GDPR-compliant data handling with consent management, data subject rights, and…
- [Guard](https://forgehouse.ai/skills/guard/), Security hardening and authentication patterns for authorization, OWASP compliance…
- [Memory Forensics](https://forgehouse.ai/skills/memory-forensics/), Master memory forensics techniques including memory acquisition, process analysis, and…
- [Memory Safety Patterns](https://forgehouse.ai/skills/memory-safety-patterns/), Implement memory-safe programming with RAII, ownership, smart pointers, and resource…
- [PCI Compliance](https://forgehouse.ai/skills/pci-compliance/), Implement PCI DSS compliance requirements for secure handling of payment card data and payment…
- [Protocol Reverse Engineering](https://forgehouse.ai/skills/protocol-reverse-engineering/), Master network protocol reverse engineering including packet analysis, protocol dissection…
- [SAST Configuration](https://forgehouse.ai/skills/sast-configuration/), Configure Static Application Security Testing (SAST) tools for automated vulnerability…
- [Secrets Management](https://forgehouse.ai/skills/secrets-management/), Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or…
- [Security Requirement Extraction](https://forgehouse.ai/skills/security-requirement-extraction/), Derive security requirements from threat models and business context.
- [Shell Security Hardening](https://forgehouse.ai/skills/shell-security-hardening/), Harden production Bash scripts against SQL injection, command injection, stdin bombing, race…
- [Skill Security Auditor](https://forgehouse.ai/skills/skill-security-auditor/), Audit newly added or updated skill files for security threats.
- [Stride Analysis Patterns](https://forgehouse.ai/skills/stride-analysis-patterns/), Apply STRIDE methodology to systematically identify threats.
- [Supply Chain Risk Scoring](https://forgehouse.ai/skills/supply-chain-risk-scoring/), Score npm/PyPI/Cargo dependency risk before install/upgrade using bomdrift SBOM diff…
- [Threat Mitigation Mapping](https://forgehouse.ai/skills/threat-mitigation-mapping/), Map identified threats to appropriate security controls and mitigations.
- [WP CLI Secure Hardening](https://forgehouse.ai/skills/wp-cli-secure-hardening/), Make WordPress sites production-grade secure with WP-CLI and bash hardening scripts…

## FAQ

### Where does hardening start for a small team?
With the doors, not the alarms: Auth Implementation Patterns and Better Auth Best Practices close the most common entry mistakes, then the hardening checklists sweep what ships with every release.

### Is threat modeling here, or just checklists?
Both layers. Attack Tree Construction builds the actual threat model (who attacks, through what, at what cost), and the checklists turn its output into repeatable release discipline.

### Can Claude audit the auth I already built?
Yes: the auth skills review sessions, token lifetimes, reset flows and role boundaries against known failure patterns, and return findings as fixes ranked by exposure.

## Related topics
- [Development](https://forgehouse.ai/catalog/development/), 58 pieces
- [DevOps & Infra](https://forgehouse.ai/catalog/devops-infra/), 33 pieces
- [E-commerce & Payments](https://forgehouse.ai/catalog/ecommerce-payments/), 8 pieces

https://forgehouse.ai/catalog/security/
