figulazmi/web-security-testing
.agents/skills/web-security-testing/SKILL.md
Web application security testing workflow for OWASP Top 10 vulnerabilities including injection, XSS, authentication flaws, and access control issues.
development
Updated Apr 17, 2026
$ install --global
skillsauthnpx skillsauth add figulazmi/token-monitor web-security-testingInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 14, 2026, 3:17 AM62.9s1 file scanned
SKILL.md
- name:
- web-security-testing
- description:
- Web application security testing workflow for OWASP Top 10 vulnerabilities including injection, XSS, authentication flaws, and access control issues.
- category:
- granular-workflow-bundle
- risk:
- safe
- source:
- personal
- date_added:
- 2026-02-27
Web Security Testing Workflow
Overview
Specialized workflow for testing web applications against OWASP Top 10 vulnerabilities including injection attacks, XSS, broken authentication, and access control issues.
When to Use This Workflow
Use this workflow when:
- Testing web application security
- Performing OWASP Top 10 assessment
- Conducting penetration tests
- Validating security controls
- Bug bounty hunting
Workflow Phases
Phase 1: Reconnaissance
Skills to Invoke
scanning-tools- Security scanningtop-web-vulnerabilities- OWASP knowledge
Actions
- Map application surface
- Identify technologies
- Discover endpoints
- Find subdomains
- Document findings
Copy-Paste Prompts
Use @scanning-tools to perform web application reconnaissance
Phase 2: Injection Testing
Skills to Invoke
sql-injection-testing- SQL injectionsqlmap-database-pentesting- SQLMap
Actions
- Test SQL injection
- Test NoSQL injection
- Test command injection
- Test LDAP injection
- Document vulnerabilities
Copy-Paste Prompts
Use @sql-injection-testing to test for SQL injection
Use @sqlmap-database-pentesting to automate SQL injection testing
Phase 3: XSS Testing
Skills to Invoke
xss-html-injection- XSS testinghtml-injection-testing- HTML injection
Actions
- Test reflected XSS
- Test stored XSS
- Test DOM-based XSS
- Test XSS filters
- Document findings
Copy-Paste Prompts
Use @xss-html-injection to test for cross-site scripting
Phase 4: Authentication Testing
Skills to Invoke
broken-authentication- Authentication testing
Actions
- Test credential stuffing
- Test brute force protection
- Test session management
- Test password policies
- Test MFA implementation
Copy-Paste Prompts
Use @broken-authentication to test authentication security
Phase 5: Access Control Testing
Skills to Invoke
idor-testing- IDOR testingfile-path-traversal- Path traversal
Actions
- Test vertical privilege escalation
- Test horizontal privilege escalation
- Test IDOR vulnerabilities
- Test directory traversal
- Test unauthorized access
Copy-Paste Prompts
Use @idor-testing to test for insecure direct object references
Use @file-path-traversal to test for path traversal
Phase 6: Security Headers
Skills to Invoke
api-security-best-practices- Security headers
Actions
- Check CSP implementation
- Verify HSTS configuration
- Test X-Frame-Options
- Check X-Content-Type-Options
- Verify referrer policy
Copy-Paste Prompts
Use @api-security-best-practices to audit security headers
Phase 7: Reporting
Skills to Invoke
reporting-standards- Security reporting
Actions
- Document vulnerabilities
- Assess risk levels
- Provide remediation
- Create proof of concept
- Generate report
Copy-Paste Prompts
Use @reporting-standards to create security report
OWASP Top 10 Checklist
- [ ] A01: Broken Access Control
- [ ] A02: Cryptographic Failures
- [ ] A03: Injection
- [ ] A04: Insecure Design
- [ ] A05: Security Misconfiguration
- [ ] A06: Vulnerable Components
- [ ] A07: Authentication Failures
- [ ] A08: Software/Data Integrity
- [ ] A09: Logging/Monitoring
- [ ] A10: SSRF
Quality Gates
- [ ] All OWASP Top 10 tested
- [ ] Vulnerabilities documented
- [ ] Proof of concepts captured
- [ ] Remediation provided
- [ ] Report generated
Related Workflow Bundles
security-audit- Security auditingapi-security-testing- API securitywordpress-security- WordPress security
Related Skills
figulazmi/web-security-testing
development
VerifiedTrustedCommunity
Web application security testing workflow for OWASP Top 10 vulnerabilities including injection, XSS, authentication flaws, and access control issues.
SKILL.mdUpdated Apr 17, 2026
figulazmi/web-artifacts-builder
development
VerifiedTrustedCommunity
To build powerful frontend claude.ai artifacts, follow these steps:
SKILL.mdUpdated Apr 17, 2026
figulazmi/skill-creator
tools
VerifiedTrustedCommunity
Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations.
SKILL.mdUpdated Apr 17, 2026
figulazmi/Security Specialist
testing
VerifiedTrustedCommunity
应用安全专家,专注于认证授权、数据保护和合规性审计。当用户需要:(1) 设计安全的登录认证系统 (2) 进行安全代码审查 (3) 检查 GDPR/隐私合规 (4) 防范常见安全漏洞 (OWASP Top 10) 时使用此 Skill。
SKILL.mdUpdated Apr 17, 2026