Problem/Motivation

There is a need for a unified, opinionated base recipe that establishes a strong default security
foundation for all Varbase sites while remaining configurable per project.

Proposed resolution

Introduce a new Varbase Security Base recipe to centralize default security modules and configurations. This recipe will provide a comprehensive security baseline covering authentication, form protection, bot mitigation, and common web security protections.

Included Security Features

  • Password Policy with character types, length, history, and username checks
  • Username Enumeration Prevention to reduce account discovery attacks
  • Security Kit (SecKit) for XSS, CSRF, and clickjacking protection
  • CAPTCHA & reCAPTCHA for form abuse protection
  • Honeypot for invisible spam prevention
  • Antibot for additional automated bot mitigation
  • Flood Control to prevent brute-force and abuse scenarios

Remaining tasks

  • ✅ File an issue about this project
  • ✅ Addition/Change/Update/Fix to this project
  • ✅ Testing to ensure no regression
  • ✅ Automated unit/functional testing coverage
  • ✅ Developer Documentation support on feature change/addition
  • ➖ User Guide Documentation support on feature change/addition
  • ➖ UX/UI designer responsibilities
  • ➖ Accessibility and Readability
  • ✅ Code review from 1 Varbase core team member
  • ✅ Full testing and approval
  • ✅ Credit contributors
  • ✅ Review with the product owner
  • ✅ Update Release Notes
  • ❌ Release varbase-11.0.0-alpha1, varbase_starter-1.0.0-alpha1, varbase_security_base-1.0.0-alpha1

User interface changes

  • N/A

API changes

  • N/A

Data model changes

  • N/A

Release notes snippet

  • feat: #3566526 Initialize Varbase Security Base Recipe

Comments

rajab natshah created an issue. See original summary.

Version: » 1.0.x-dev

  • rajab natshah committed da619ccb on 1.0.x
    feat: #3566526 Add config.import for password_policy and security...

  • rajab natshah committed 9a7b463d on 1.0.x
    feat: #3566526 grant Permissions in Varbase Security Base recipe for...

Assigned: rajab natshah » josebc
Status: Active » Needs review
Issue tags: +varbase-11.0.0-alpha1, +varbase_starter-1.0.0-alpha1, +varbase_security_base-1.0.0-alpha1

Assigned: josebc » Unassigned
Status: Needs review » Fixed
