From 29194c165836e53434eec724f4e1d9d2099cfb59 Mon Sep 17 00:00:00 2001
From: Asbed B
Date: Sat, 31 Jan 2026 18:25:14 +1100
Subject: [PATCH 1/2] added security command
---
 src/features/commands.ts | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/src/features/commands.ts b/src/features/commands.ts
index cabcc427..414047ac 100644
--- a/src/features/commands.ts
+++ b/src/features/commands.ts
@@ -373,6 +373,33 @@ Have a look at these resources on how to ask good questions:
 - [Coding Killed the Cat: "How to Ask for Programming Help"](http://wp.me/p2oIwo-26)
 - [Stack Overflow: "How do I ask a good question?"](https://stackoverflow.com/help/how-to-ask)
 - [Eric S. Raymond; "How To Ask Questions The Smart Way"](https://git.io/JKscV)
+`,
+ color: EMBED_COLOR,
+ },
+ ],
+ });
+ },
+ },
+ {
+ words: [`!security`],
+ help: `general information around managing security for a web application.`,
+ category: "Reactiflux",
+ handleMessage: (msg) => {
+ msg.channel.send({
+ embeds: [
+ {
+ title: "Security Tips",
+ type: EmbedType.Rich,
+ description: `Managing security in a web application requires a proactive approach.
+
+Some points to consider:
+
+- Don't use create-react-app it is [no longer recommended](https://react.dev/blog/2025/02/14/sunsetting-create-react-app).
+- Set up automated alerts via a service like [dependabot](https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide) to be notified of new disclosures.
+- Review packages either by inspecting the code or use a service like [Snyk](https://security.snyk.io/vuln/npm).
+- Proactively keep your technology up to date – (everything not just packages).
+- Test your code – follow safe practices (like sanitising errors) and ensure you audit features and functionality before pushing to prod.
+- Set up multi-factor authentication and avoid re-using passwords by implementing something like a password manager to avoid credential stuffing attacks.
 `,
 color: EMBED_COLOR,
 },
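Review bot: The new `handleMessage` drops the promise returned by `msg.channel.send(...)`, so a rejected send (for example a missing permission in that channel) surfaces only as an unhandled rejection; the context lines show the neighbouring command is shaped the same way, so if that is the file's convention it can stay, otherwise making the handler `async` and `await`ing the send, or appending a `.catch`, is the small fix. On the embed text, the dependabot bullet only covers being notified of disclosures and survives unchanged into the second patch; consider pairing it with committing a lockfile and running `npm audit` (or the package manager's equivalent) in CI so an alert actually turns into an update. The `help` string `general information around managing security for a web application.` starts lowercase and ends with a period; match whatever casing the sibling commands use, which are not visible in this hunk.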
From 277715d7547e97d943887706dd54e46042beb75a Mon Sep 17 00:00:00 2001
From: Asbed B
Date: Fri, 6 Feb 2026 09:48:00 +1100
Subject: [PATCH 2/2] Updated Verbiage after feedback to be more actionable
---
 src/features/commands.ts | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/features/commands.ts b/src/features/commands.ts
index 414047ac..14c72c85 100644
--- a/src/features/commands.ts
+++ b/src/features/commands.ts
@@ -394,12 +394,14 @@ Have a look at these resources on how to ask good questions:
 
 Some points to consider:
 
-- Don't use create-react-app it is [no longer recommended](https://react.dev/blog/2025/02/14/sunsetting-create-react-app).
+- Don't use create-react-app it is [no longer supported](https://react.dev/blog/2025/02/14/sunsetting-create-react-app).
 - Set up automated alerts via a service like [dependabot](https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide) to be notified of new disclosures.
-- Review packages either by inspecting the code or use a service like [Snyk](https://security.snyk.io/vuln/npm).
+- Review packages either by inspecting the code or using a service like [Snyk](https://security.snyk.io/vuln/npm).
+- Apply [secure coding principles and practices](https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/stable-en/02-checklist/05-checklist.html) - there are [free for open source tool](https://owasp.org/www-community/Free_for_Open_Source_Application_Security_Tools) like [Sonar Qube](https://www.sonarsource.com/open-source-editions/sonarqube-community-edition/) which help find common vulnerabilities like SQL injection, cross-site scripting (XSS), path traversal, and insecure configurations.
 - Proactively keep your technology up to date – (everything not just packages).
-- Test your code – follow safe practices (like sanitising errors) and ensure you audit features and functionality before pushing to prod.
-- Set up multi-factor authentication and avoid re-using passwords by implementing something like a password manager to avoid credential stuffing attacks.
+- Keep your identity safe online, don't reuse passwords, enable multi-factor authentication and use a password manager service.
+
+If you are ever unsure just ask! Better to be safe then sorry.
 `,
 color: EMBED_COLOR,
 },
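Review bot: The new closing line `If you are ever unsure just ask! Better to be safe then sorry.` carries a typo that every user of the command will see: `then` should be `than`. In the added secure-coding bullet, `free for open source tool` should be `tools` and the product is spelled `SonarQube`; the retouched first bullet still reads `Don't use create-react-app it is` and wants a comma or dash after `create-react-app`. The removed `Test your code` bullet was the only one that told readers to sanitise error output before it reaches users, and the static-analysis bullet that replaces it does not obviously cover that; if the drop was intentional it is fine, otherwise a short clause such as `and avoid leaking stack traces or internal details in error responses` would keep that advice.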