testing-security

Test application security vulnerabilities

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "testing-security" with this command: npx skills add wojons/skills/wojons-skills-testing-security

Security Testing

Identify vulnerabilities, security weaknesses, and potential threats in applications and infrastructure.

When to use me

Use this skill when:

  • Developing applications handling sensitive data
  • Complying with security standards (ISO 27001, SOC 2, HIPAA)
  • Preparing for security audits or penetration tests
  • Testing authentication and authorization systems
  • Checking for common vulnerabilities (OWASP Top 10)
  • Validating input validation and sanitization
  • Ensuring secure configuration and deployment

What I do

  • Vulnerability scanning for known security issues
  • Penetration testing to simulate real attacks
  • Authentication and authorization testing
  • Input validation and injection testing
  • Security configuration review
  • Data protection and encryption testing
  • Session management and cookie security testing
  • API security testing and rate limiting checks

Examples

# Security scanning tools
npm audit                         # Node.js dependency vulnerabilities
snyk test                        # Snyk vulnerability scanning
trivy image myapp:latest         # Container vulnerability scanning
bandit -r src/                   # Python security scanner
gosec ./...                     # Go security checker

# SAST (Static Application Security Testing)
semgrep scan --config auto       # Semgrep SAST
brakeman -A -w1                  # Ruby on Rails security scanner
sonarqube scan                  # Comprehensive code analysis

# DAST (Dynamic Application Security Testing)
zap-baseline.py -t https://app.example.com  # OWASP ZAP
nikto -h https://app.example.com             # Web server scanner

# Dependency checking
npm audit fix                   # Fix Node.js vulnerabilities
bundler-audit check             # Ruby gem vulnerabilities
pip-audit                      # Python package vulnerabilities

Output format

Security Test Results:
──────────────────────────────
Critical Vulnerabilities (3):
  ❌ SQL Injection in user search endpoint
    Risk: High | CVE-2023-12345
    Fix: Use parameterized queries
    
  ❌ Hard-coded API key in config file
    Risk: Critical | CWE-798
    Fix: Move to environment variables
    
  ❌ Missing rate limiting on login endpoint
    Risk: Medium | CWE-770
    Fix: Implement rate limiting

Medium Vulnerabilities (7):
  ⚠️ Missing security headers (CSP, HSTS)
  ⚠️ Verbose error messages expose system info
  ⚠️ Session timeout too long (24 hours)

Dependency Vulnerabilities:
  ⚠️ lodash 4.17.15: Prototype pollution (CVE-2020-8203)
  ✅ All other dependencies up to date

Summary: 3 critical, 7 medium issues found
Recommendation: Fix critical issues before release

Notes

  • Follow OWASP Top 10 for web application security
  • Test both authenticated and unauthenticated access
  • Check for business logic vulnerabilities
  • Consider threat modeling during design phase
  • Implement security in CI/CD pipeline
  • Regular security scanning and penetration testing
  • Keep dependencies updated with security patches
  • Educate developers on secure coding practices

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

adversarial-thinking

No summary provided by upstream source.

Repository SourceNeeds Review
-23
wojons
General

redteam

No summary provided by upstream source.

Repository SourceNeeds Review
-23
wojons
General

performance-profiling

No summary provided by upstream source.

Repository SourceNeeds Review
-21
wojons