testing-security

📁 wojons/skills 📅 Today

总安装量

周安装量

#49815

全站排名

安装命令

npx skills add https://github.com/wojons/skills --skill testing-security

Agent 安装分布

amp 1

cline 1

opencode 1

cursor 1

kimi-cli 1

codex 1

Skill 文档

Security Testing

Identify vulnerabilities, security weaknesses, and potential threats in applications and infrastructure.

When to use me

Use this skill when:

Developing applications handling sensitive data
Complying with security standards (ISO 27001, SOC 2, HIPAA)
Preparing for security audits or penetration tests
Testing authentication and authorization systems
Checking for common vulnerabilities (OWASP Top 10)
Validating input validation and sanitization
Ensuring secure configuration and deployment

What I do

Vulnerability scanning for known security issues
Penetration testing to simulate real attacks
Authentication and authorization testing
Input validation and injection testing
Security configuration review
Data protection and encryption testing
Session management and cookie security testing
API security testing and rate limiting checks

Examples

# Security scanning tools
npm audit                         # Node.js dependency vulnerabilities
snyk test                        # Snyk vulnerability scanning
trivy image myapp:latest         # Container vulnerability scanning
bandit -r src/                   # Python security scanner
gosec ./...                     # Go security checker

# SAST (Static Application Security Testing)
semgrep scan --config auto       # Semgrep SAST
brakeman -A -w1                  # Ruby on Rails security scanner
sonarqube scan                  # Comprehensive code analysis

# DAST (Dynamic Application Security Testing)
zap-baseline.py -t https://app.example.com  # OWASP ZAP
nikto -h https://app.example.com             # Web server scanner

# Dependency checking
npm audit fix                   # Fix Node.js vulnerabilities
bundler-audit check             # Ruby gem vulnerabilities
pip-audit                      # Python package vulnerabilities

Output format

Security Test Results:
ââââââââââââââââââââââââââââââ
Critical Vulnerabilities (3):
  â SQL Injection in user search endpoint
    Risk: High | CVE-2023-12345
    Fix: Use parameterized queries
    
  â Hard-coded API key in config file
    Risk: Critical | CWE-798
    Fix: Move to environment variables
    
  â Missing rate limiting on login endpoint
    Risk: Medium | CWE-770
    Fix: Implement rate limiting

Medium Vulnerabilities (7):
  â ï¸ Missing security headers (CSP, HSTS)
  â ï¸ Verbose error messages expose system info
  â ï¸ Session timeout too long (24 hours)

Dependency Vulnerabilities:
  â ï¸ lodash 4.17.15: Prototype pollution (CVE-2020-8203)
  â All other dependencies up to date

Summary: 3 critical, 7 medium issues found
Recommendation: Fix critical issues before release

Notes

Follow OWASP Top 10 for web application security
Test both authenticated and unauthenticated access
Check for business logic vulnerabilities
Consider threat modeling during design phase
Implement security in CI/CD pipeline
Regular security scanning and penetration testing
Keep dependencies updated with security patches
Educate developers on secure coding practices

GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台