Back to Details

checking-owasp-compliance

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Owasp Compliance Checker

OWASP合规检查工具

This skill provides automated assistance for owasp compliance checker tasks.
本技能为OWASP合规检查任务提供自动化辅助。

Overview

概述

This skill empowers Claude to assess your project's adherence to the OWASP Top 10 (2021) security guidelines. It automates the process of identifying potential vulnerabilities related to common web application security risks, providing actionable insights to improve your application's security posture.
本技能使Claude能够评估你的项目是否符合OWASP Top 10(2021版)安全指南。它可自动识别与常见Web应用安全风险相关的潜在漏洞,提供可操作的见解以提升应用的安全态势。

How It Works

工作原理

  1. Initiate Scan: The skill activates the owasp-compliance-checker plugin upon request.
  2. Analyze Codebase: The plugin scans the codebase for potential vulnerabilities related to each OWASP Top 10 category.
  3. Generate Report: A detailed report is generated, highlighting compliance gaps and providing specific remediation guidance for each identified issue.
  1. 启动扫描:根据请求激活owasp-compliance-checker插件。
  2. 分析代码库:插件扫描代码库,查找与OWASP Top 10每个类别相关的潜在漏洞。
  3. 生成报告:生成详细报告,突出合规差距,并为每个已识别问题提供具体的修复指导。

When to Use This Skill

使用场景

This skill activates when you need to:
  • Evaluate your application's security posture against the OWASP Top 10 (2021).
  • Identify potential vulnerabilities related to common web application security risks.
  • Obtain actionable remediation guidance to address identified vulnerabilities.
  • Generate a compliance report for auditing or reporting purposes.
当你需要以下操作时,可激活本技能:
  • 根据OWASP Top 10(2021版)评估应用的安全态势。
  • 识别与常见Web应用安全风险相关的潜在漏洞。
  • 获取可操作的修复指导以解决已识别的漏洞。
  • 生成合规报告用于审计或汇报目的。

Examples

示例

Example 1: Identifying SQL Injection Vulnerabilities

示例1:识别SQL注入漏洞

User request: "Check OWASP compliance for SQL injection vulnerabilities."
The skill will:
  1. Activate the owasp-compliance-checker plugin.
  2. Scan the codebase for potential SQL injection vulnerabilities.
  3. Generate a report highlighting any identified SQL injection vulnerabilities and providing remediation guidance.
用户请求:"Check OWASP compliance for SQL injection vulnerabilities."
本技能将:
  1. 激活owasp-compliance-checker插件。
  2. 扫描代码库以查找潜在的SQL注入漏洞。
  3. 生成报告,突出所有已识别的SQL注入漏洞并提供修复指导。

Example 2: Assessing Overall OWASP Compliance

示例2:评估整体OWASP合规性

User request: "/owasp"
The skill will:
  1. Activate the owasp-compliance-checker plugin.
  2. Scan the entire codebase for vulnerabilities across all OWASP Top 10 categories.
  3. Generate a comprehensive report detailing compliance gaps and remediation steps for each category.
用户请求:"/owasp"
本技能将:
  1. 激活owasp-compliance-checker插件。
  2. 扫描整个代码库,查找所有OWASP Top 10类别中的漏洞。
  3. 生成全面报告,详细说明合规差距以及每个类别的修复步骤。

Best Practices

最佳实践

  • Regular Scanning: Integrate OWASP compliance checks into your development workflow for continuous security monitoring.
  • Prioritize Remediation: Address identified vulnerabilities based on their severity and potential impact.
  • Stay Updated: Keep your OWASP compliance checker plugin updated to benefit from the latest vulnerability detection rules and remediation guidance.
  • 定期扫描:将OWASP合规检查集成到开发工作流中,实现持续安全监控。
  • 优先修复:根据漏洞的严重性和潜在影响来处理已识别的问题。
  • 保持更新:及时更新OWASP合规检查插件,以利用最新的漏洞检测规则和修复指导。

Integration

集成

This skill can be integrated with other plugins to automate vulnerability remediation or generate comprehensive security reports. For example, it can be used in conjunction with a code modification plugin to automatically apply recommended fixes for identified vulnerabilities.
本技能可与其他插件集成,以自动化漏洞修复或生成全面的安全报告。例如,它可与代码修改插件配合使用,自动对已识别的漏洞应用推荐的修复方案。

Prerequisites

前提条件

  • Access to codebase and configuration files in {baseDir}/
  • Security scanning tools installed as needed
  • Understanding of security standards and best practices
  • Permissions for security analysis operations
  • 可访问{baseDir}/下的代码库和配置文件
  • 已安装所需的安全扫描工具
  • 了解安全标准和最佳实践
  • 拥有安全分析操作的权限

Instructions

操作步骤

  1. Identify security scan scope and targets
  2. Configure scanning parameters and thresholds
  3. Execute security analysis systematically
  4. Analyze findings for vulnerabilities and compliance gaps
  5. Prioritize issues by severity and impact
  6. Generate detailed security report with remediation steps
  1. 确定安全扫描范围和目标
  2. 配置扫描参数和阈值
  3. 系统地执行安全分析
  4. 分析结果以查找漏洞和合规差距
  5. 根据严重性和影响对问题进行优先级排序
  6. 生成包含修复步骤的详细安全报告

Output

输出内容

  • Security scan results with vulnerability details
  • Compliance status reports by standard
  • Prioritized list of security issues by severity
  • Remediation recommendations with code examples
  • Executive summary for stakeholders
  • 包含漏洞详情的安全扫描结果
  • 按标准分类的合规状态报告
  • 按严重性排序的安全问题优先级列表
  • 附带代码示例的修复建议
  • 面向利益相关者的执行摘要

Error Handling

错误处理

If security scanning fails:
  • Verify tool installation and configuration
  • Check file and directory permissions
  • Validate scan target paths
  • Review tool-specific error messages
  • Ensure network access for dependency checks
如果安全扫描失败:
  • 验证工具的安装和配置
  • 检查文件和目录权限
  • 验证扫描目标路径
  • 查看工具特定的错误消息
  • 确保网络可访问以进行依赖项检查

Resources

相关资源

  • Security standard documentation (OWASP, CWE, CVE)
  • Compliance framework guidelines (GDPR, HIPAA, PCI-DSS)
  • Security scanning tool documentation
  • Vulnerability remediation best practices
  • 安全标准文档(OWASP、CWE、CVE)
  • 合规框架指南(GDPR、HIPAA、PCI-DSS)
  • 安全扫描工具文档
  • 漏洞修复最佳实践