security-testing

Identify security vulnerabilities through SAST, DAST, penetration testing, and dependency scanning. Use for security test, vulnerability scanning, OWASP, SQL injection, XSS, CSRF, and penetration testing.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "security-testing" with this command: npx skills add aj-geddes/useful-ai-prompts/aj-geddes-useful-ai-prompts-security-testing

Security Testing

Table of Contents

Overview

Security testing identifies vulnerabilities, weaknesses, and threats in applications to ensure data protection, prevent unauthorized access, and maintain system integrity. It combines automated scanning (SAST, DAST) with manual penetration testing and code review.

When to Use

  • Testing for OWASP Top 10 vulnerabilities
  • Scanning dependencies for known vulnerabilities
  • Testing authentication and authorization
  • Validating input sanitization
  • Testing API security
  • Checking for sensitive data exposure
  • Validating security headers
  • Testing session management

Quick Start

Minimal working example:

# security_scan.py
from zapv2 import ZAPv2
import time

class SecurityScanner:
    def __init__(self, target_url, api_key=None):
        self.zap = ZAPv2(apikey=api_key, proxies={
            'http': 'http://localhost:8080',
            'https': 'http://localhost:8080'
        })
        self.target = target_url

    def scan(self):
        """Run full security scan."""
        print(f"Scanning {self.target}...")

        # Spider the application
        print("Spidering...")
        scan_id = self.zap.spider.scan(self.target)
        while int(self.zap.spider.status(scan_id)) < 100:
            time.sleep(2)
            print(f"Spider progress: {self.zap.spider.status(scan_id)}%")

        # Active scan
        print("Running active scan...")
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

GuideContents
OWASP ZAP (DAST)OWASP ZAP (DAST)
SQL Injection TestingSQL Injection Testing
XSS TestingXSS Testing
Authentication & Authorization TestingAuthentication & Authorization Testing
CSRF Protection TestingCSRF Protection Testing
Dependency Vulnerability ScanningDependency Vulnerability Scanning
Security Headers TestingSecurity Headers Testing
Secrets DetectionSecrets Detection

Best Practices

✅ DO

  • Run security scans in CI/CD
  • Test with real attack vectors
  • Scan dependencies regularly
  • Use security headers
  • Implement rate limiting
  • Validate and sanitize all input
  • Use parameterized queries
  • Test authentication/authorization thoroughly

❌ DON'T

  • Store secrets in code
  • Trust user input
  • Expose detailed error messages
  • Skip dependency updates
  • Use default credentials
  • Ignore security warnings
  • Test only happy paths
  • Commit sensitive data

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

api-security-hardening

No summary provided by upstream source.

Repository SourceNeeds Review
297-aj-geddes
Security

security-compliance-audit

No summary provided by upstream source.

Repository SourceNeeds Review
212-aj-geddes
Security

web-performance-audit

No summary provided by upstream source.

Repository SourceNeeds Review
163-aj-geddes
Security

security-audit-logging

No summary provided by upstream source.

Repository SourceNeeds Review
162-aj-geddes