aliabbaschadhar/web-security-testing
assets/skills/web-security-testing/SKILL.md
Web application security testing workflow for OWASP Top 10 vulnerabilities including injection, XSS, authentication flaws, and access control issues.
development
Updated Apr 3, 2026
$ install --global
skillsauthnpx skillsauth add aliabbaschadhar/agent-superpowers web-security-testingInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 3, 2026, 3:58 PM13.0s1 file scanned
SKILL.md
- name:
- web-security-testing
- description:
- Web application security testing workflow for OWASP Top 10 vulnerabilities including injection, XSS, authentication flaws, and access control issues.
- source:
- personal
- risk:
- safe
- domain:
- security
- category:
- granular-workflow-bundle
- version:
- 1.0.0
Web Security Testing Workflow
Overview
Specialized workflow for testing web applications against OWASP Top 10 vulnerabilities including injection attacks, XSS, broken authentication, and access control issues.
When to Use This Workflow
Use this workflow when:
- Testing web application security
- Performing OWASP Top 10 assessment
- Conducting penetration tests
- Validating security controls
- Bug bounty hunting
Workflow Phases
Phase 1: Reconnaissance
Skills to Invoke
scanning-tools- Security scanningtop-web-vulnerabilities- OWASP knowledge
Actions
- Map application surface
- Identify technologies
- Discover endpoints
- Find subdomains
- Document findings
Copy-Paste Prompts
Use @scanning-tools to perform web application reconnaissance
Phase 2: Injection Testing
Skills to Invoke
sql-injection-testing- SQL injectionsqlmap-database-pentesting- SQLMap
Actions
- Test SQL injection
- Test NoSQL injection
- Test command injection
- Test LDAP injection
- Document vulnerabilities
Copy-Paste Prompts
Use @sql-injection-testing to test for SQL injection
Use @sqlmap-database-pentesting to automate SQL injection testing
Phase 3: XSS Testing
Skills to Invoke
xss-html-injection- XSS testinghtml-injection-testing- HTML injection
Actions
- Test reflected XSS
- Test stored XSS
- Test DOM-based XSS
- Test XSS filters
- Document findings
Copy-Paste Prompts
Use @xss-html-injection to test for cross-site scripting
Phase 4: Authentication Testing
Skills to Invoke
broken-authentication- Authentication testing
Actions
- Test credential stuffing
- Test brute force protection
- Test session management
- Test password policies
- Test MFA implementation
Copy-Paste Prompts
Use @broken-authentication to test authentication security
Phase 5: Access Control Testing
Skills to Invoke
idor-testing- IDOR testingfile-path-traversal- Path traversal
Actions
- Test vertical privilege escalation
- Test horizontal privilege escalation
- Test IDOR vulnerabilities
- Test directory traversal
- Test unauthorized access
Copy-Paste Prompts
Use @idor-testing to test for insecure direct object references
Use @file-path-traversal to test for path traversal
Phase 6: Security Headers
Skills to Invoke
api-security-best-practices- Security headers
Actions
- Check CSP implementation
- Verify HSTS configuration
- Test X-Frame-Options
- Check X-Content-Type-Options
- Verify referrer policy
Copy-Paste Prompts
Use @api-security-best-practices to audit security headers
Phase 7: Reporting
Skills to Invoke
reporting-standards- Security reporting
Actions
- Document vulnerabilities
- Assess risk levels
- Provide remediation
- Create proof of concept
- Generate report
Copy-Paste Prompts
Use @reporting-standards to create security report
OWASP Top 10 Checklist
- [ ] A01: Broken Access Control
- [ ] A02: Cryptographic Failures
- [ ] A03: Injection
- [ ] A04: Insecure Design
- [ ] A05: Security Misconfiguration
- [ ] A06: Vulnerable Components
- [ ] A07: Authentication Failures
- [ ] A08: Software/Data Integrity
- [ ] A09: Logging/Monitoring
- [ ] A10: SSRF
Quality Gates
- [ ] All OWASP Top 10 tested
- [ ] Vulnerabilities documented
- [ ] Proof of concepts captured
- [ ] Remediation provided
- [ ] Report generated
Related Workflow Bundles
security-audit- Security auditingapi-security-testing- API securitywordpress-security- WordPress security
Related Skills
aliabbaschadhar/biopython
tools
VerifiedTrustedCommunity
Comprehensive molecular biology toolkit. Use for sequence manipulation, file parsing (FASTA/GenBank/PDB), phylogenetics, and programmatic NCBI/PubMed access (Bio.Entrez). Best for batch processing, custom bioinformatics pipelines, BLAST automation. For quick lookups use gget;...
SKILL.mdUpdated May 31, 2026
aliabbaschadhar/bill-gates
testing
VerifiedTrustedCommunity
Agente que simula Bill Gates — cofundador da Microsoft, arquiteto da industria de software comercial, estrategista tecnologico global, investidor sistemico e filantropo baseado em dados. Use...
SKILL.mdUpdated May 31, 2026
aliabbaschadhar/bdi-mental-states
development
VerifiedTrustedCommunity
This skill should be used when the user asks to "model agent mental states", "implement BDI architecture", "create belief-desire-intention models", "transform RDF to beliefs", "build cognitive agent", or mentions BDI ontology, mental state modeling, rational agency, or neuro-symbolic AI integration.
SKILL.mdUpdated May 31, 2026
aliabbaschadhar/baseline-ui
development
VerifiedTrustedCommunity
Validates animation durations, enforces typography scale, checks component accessibility, and prevents layout anti-patterns in Tailwind CSS projects. Use when building UI components, reviewing CSS utilities, styling React views, or enforcing design consistency.
SKILL.mdUpdated May 31, 2026