Search Results: owasp

Found 181 Skills

Security & Complianceoakoss/agent-skills

application-security

Application security covering threat modeling (STRIDE), OWASP Top 10 (2025), OWASP API Security Top 10 (2023), secure coding review, authentication/authorization patterns, input validation, encryption, security headers, supply chain security, compliance (GDPR/HIPAA/SOC2/PCI-DSS), and security monitoring. Use when reviewing code for vulnerabilities, implementing auth patterns, securing APIs, configuring security headers, hardening supply chain, preventing injection attacks, or preparing for compliance audits.

🇺🇸|EnglishTranslated

Security & Compliancehardw00t/ai-security-arse...

api-security

Comprehensive API security testing skill for REST, GraphQL, gRPC, and WebSocket APIs. This skill should be used when performing API penetration testing, testing for OWASP API Top 10 vulnerabilities, fuzzing API endpoints, testing authentication/authorization, and analyzing API specifications. Triggers on requests to test API security, pentest REST APIs, test GraphQL endpoints, analyze OpenAPI/Swagger specs, or find API vulnerabilities.

🇺🇸|EnglishTranslated

Security & Compliancesrstomp/pokayokay

security-audit

Use when reviewing code security, auditing dependencies for CVEs, checking configuration or secret security, assessing authentication and authorization patterns, identifying OWASP vulnerabilities (injection, XSS, CSRF), or addressing security concerns about implementations.

🇺🇸|EnglishTranslated

Security & Complianceflorianbuetow/claude-code

misconfig

This skill should be used when the user asks to "check for misconfigurations", "analyze security headers", "find misconfigured settings", "check CORS policy", "find debug mode", "audit server configuration", or mentions "misconfiguration" in a security context. Maps to OWASP Top 10 2021 A05: Security Misconfiguration.

🇺🇸|EnglishTranslated

Security & Complianceflorianbuetow/claude-code

ssrf

This skill should be used when the user asks to "check for SSRF", "analyze server-side request forgery", "find URL fetching vulnerabilities", "check for internal network access", or mentions "SSRF", "URL fetching", "cloud metadata", "169.254.169.254", or "request forgery" in a security context. Maps to OWASP Top 10 2021 A10: Server-Side Request Forgery.

🇺🇸|EnglishTranslated

Security & Complianceflorianbuetow/claude-code

crypto

This skill should be used when the user asks to "check for cryptographic issues", "analyze encryption", "find weak hashing", "audit password storage", "check for hardcoded keys", or mentions "cryptography", "encryption", "hashing", "TLS", "certificates", or "random number generation" in a security context. Maps to OWASP Top 10 2021 A02: Cryptographic Failures.

🇺🇸|EnglishTranslated

Security & Compliancetoilahuongg/shopify-agent...

security-hardening

Security best practices for Shopify Apps. Covers OWASP Top 10, authentication, data protection, webhook verification, and secure coding patterns for Remix applications.

🇺🇸|EnglishTranslated

Security & Compliancenaodeng/awesome-qa-skills

security-testing

Design security testing solutions, including OWASP Top 10, penetration testing, and vulnerability scanning. Default output is Markdown, and Excel/CSV/JSON output is available upon request. Use for security testing or security-testing.

🇨🇳|ChineseTranslated

1 scripts/Attention

Security & Compliancekrzysztofsurdy/code-virtu...

security

Application security principles and OWASP Top 10. Covers injection prevention, authentication, authorization, data protection, secrets management, and security review practices.

🇺🇸|EnglishTranslated

Security & Complianceproffesor-for-testing/age...

security-testing

Test for security vulnerabilities using OWASP principles. Use when conducting security audits, testing auth, or implementing security practices.

🇺🇸|EnglishTranslated

Security & Compliancemukul975/anthropic-cybers...

performing-api-rate-limiting-bypass

Tests API rate limiting implementations for bypass vulnerabilities by manipulating request headers, IP addresses, HTTP methods, API versions, and encoding schemes to circumvent request throttling controls. The tester identifies rate limit headers, determines enforcement mechanisms, and attempts bypasses including X-Forwarded-For spoofing, parameter pollution, case variation, and endpoint path manipulation. Maps to OWASP API4:2023 Unrestricted Resource Consumption. Activates for requests involving rate limit bypass, API throttling evasion, brute force protection testing, or API abuse prevention assessment.

🇺🇸|EnglishTranslated

1 scripts/Checked

Security & Compliancepixel-process-ug/superkit...

security-review

Use when reviewing code for security vulnerabilities, implementing authentication or authorization, handling user input, managing secrets, or auditing dependencies for known CVEs. Triggers: auth implementation, input handling, secrets management, dependency audit, pre-deployment security check, OWASP compliance review.

🇺🇸|EnglishTranslated