Search Results: owasp

Found 242 Skills

Security & Compliancesergiodxa/agent-skills

owasp-security-check

Security audit guidelines for web applications and REST APIs based on OWASP Top 10 and web security best practices. Use when checking code for vulnerabilities, reviewing auth/authz, auditing APIs, or before production deployment.

🇺🇸|EnglishTranslated

Security & Compliancevchirrav/owasp-secure-cod...

dast-zap

Run OWASP ZAP for Dynamic Application Security Testing. Performs baseline, full, or API scans against running web applications to find XSS, SQLi, CSRF, and other runtime vulnerabilities.

🇺🇸|EnglishTranslated

Security & Complianceyariv1025/skills

owasp-api-security-top-10

OWASP API Security Top 10 - prevention, detection, and remediation for REST/GraphQL/API security. Use when designing or reviewing APIs - object- and function-level authorization, authentication, rate limiting and resource consumption, sensitive business flows, SSRF, API inventory and versioning, or consumption of third-party APIs.

🇺🇸|EnglishTranslated

Security & Complianceagamm/claude-code-owasp

owasp-security

Use when reviewing code for security vulnerabilities, implementing authentication/authorization, handling user input, or discussing web application security. Covers OWASP Top 10:2025, ASVS 5.0, and Agentic AI security (2026).

🇺🇸|EnglishTranslated

Security & Complianceclaude-dev-suite/claude-d...

owasp

OWASP security guidelines and Top 10 vulnerabilities USE WHEN: user mentions "OWASP", "security audit", "vulnerability scan", asks about "injection", "XSS", "CSRF", "access control", "authentication security" DO NOT USE FOR: OWASP Top 10:2025 specific - use `owasp-top-10` instead

🇺🇸|EnglishTranslated

AI & Machine Learningmastepanoski/claude-skill...

owasp-ai-testing

AI trustworthiness testing using OWASP AI Testing Guide v1. Execute 44 test cases across 4 layers (Application, Model, Infrastructure, Data) with practical payloads and remediation.

🇺🇸|EnglishTranslated

Security & Complianceyariv1025/skills

owasp-serverless-top-10

OWASP Serverless Top 10 - prevention, detection, and remediation for serverless (Lambda, Functions) security. Use when building or reviewing serverless apps - event injection, over-permissioned functions, insecure deps, secrets, config, and other serverless-specific interpretations of the Web Top 10.

🇺🇸|EnglishTranslated

Security & Complianceyariv1025/skills

owasp-cicd-top-10

OWASP Top 10 CI/CD Security Risks - prevention, detection, and remediation for pipeline security. Use when securing or reviewing CI/CD - flow control, IAM, dependency chain, poisoned pipeline execution, PBAC, credential hygiene, system config, third-party services, artifact integrity, logging and visibility.

🇺🇸|EnglishTranslated

Security & Compliancemukul975/anthropic-cybers...

integrating-dast-with-owasp-zap-in-pipeline

This skill covers integrating OWASP ZAP (Zed Attack Proxy) for Dynamic Application Security Testing in CI/CD pipelines. It addresses configuring baseline, full, and API scans against running applications, interpreting ZAP findings, tuning scan policies, and establishing DAST quality gates in GitHub Actions and GitLab CI.

🇺🇸|EnglishTranslated

2 scripts/Checked

Security & Complianceyonatangross/orchestkit

owasp-top-10

OWASP Top 10 security vulnerabilities and mitigations. Use when conducting security audits, implementing security controls, or reviewing code for common vulnerabilities.

🇺🇸|EnglishTranslated

Security & Compliancevchirrav/owasp-secure-cod...

secure-coding-audit

Audit code for security vulnerabilities using OWASP Secure Coding rules. Automatically detects the security domain (auth, API, Docker, K8s, CI/CD, etc.) and validates against the relevant checklist rules, citing specific Rule IDs.

🇺🇸|EnglishTranslated

Security & Complianceclaude-dev-suite/claude-d...

owasp-top-10

OWASP Top 10:2025 security vulnerabilities. Covers access control, injection, supply chain, cryptographic failures, and more. Use for security reviews. USE WHEN: user mentions "OWASP 2025", "Top 10", "security review", "vulnerability assessment", asks about "broken access control", "injection", "supply chain", "cryptographic failures", "exception handling" DO NOT USE FOR: general OWASP (2021) - use `owasp` instead, secrets - use `secrets-management`, dependencies - use `supply-chain`

🇺🇸|EnglishTranslated