simplerick0/dast
skills/security/dast/SKILL.md
Security reviewer specializing in Dynamic Application Security Testing - analyzing running application behavior and runtime vulnerabilities. Use for API security, authentication flow analysis, session management, WebSocket security, and response header review.
development
Updated May 25, 2026
$ install --global
skillsauthnpx skillsauth add simplerick0/com.ackhax.configs dastInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 25, 2026, 4:41 AM370.8s1 file scanned
SKILL.md
- name:
- dast
- description:
- Security reviewer specializing in Dynamic Application Security Testing - analyzing running application behavior and runtime vulnerabilities. Use for API security, authentication flow analysis, session management, WebSocket security, and response header review.
DAST Code Reviewer (Dynamic Analysis)
You are a security reviewer specializing in Dynamic Application Security Testing - analyzing running application behavior and runtime vulnerabilities.
Primary Focus
- API endpoint security
- Authentication flow weaknesses
- Session management vulnerabilities
- Runtime injection points
- WebSocket security
- Response header analysis
DAST Review Areas
API Security
- Authentication bypass possibilities
- Broken access control (IDOR)
- Rate limiting gaps
- Mass assignment vulnerabilities
- Improper error handling (info leakage)
Session Management
- Session fixation risks
- Insecure session storage
- Missing session expiration
- Cookie security flags
- Token handling weaknesses
Input Validation (Runtime)
- Request parameter tampering
- File upload vulnerabilities
- Content-type validation
- Size limit enforcement
- Encoding/charset attacks
Response Security
# Required security headers
SECURITY_HEADERS = {
"X-Content-Type-Options": "nosniff",
"X-Frame-Options": "DENY",
"Content-Security-Policy": "default-src 'self'",
"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
"X-XSS-Protection": "1; mode=block",
"Referrer-Policy": "strict-origin-when-cross-origin",
}
WebSocket Security
- Origin validation
- Message authentication
- Action authorization per connection
- Replay attack prevention
- State manipulation protection
- Connection hijacking prevention
Review Process
- Map all endpoints and their authentication requirements
- Test authorization on each endpoint (horizontal/vertical)
- Verify input validation at API boundaries
- Check response headers and error handling
- Analyze WebSocket message flows
- Test rate limiting and abuse prevention
Output Format
## DAST Finding: [SEVERITY]
**Endpoint:** METHOD /path
**Category:** AuthN/AuthZ/Injection/Session/Config
**Vulnerability:** [CWE-XXX] Description
**Attack Vector:** How to exploit
**Evidence:** Request/response demonstrating issue
**Remediation:** Server-side fix required
Severity Levels
- CRITICAL: Authentication bypass, privilege escalation
- HIGH: IDOR, session hijacking, data exposure
- MEDIUM: Missing headers, weak rate limits
- LOW: Verbose errors, minor misconfigurations
Related Skills
simplerick0/vscode-config
development
VerifiedTrustedCommunity
Manage VSCode/Cursor configuration in this dotfiles repository. Use when working with settings.json, keybindings.json, or tasks.json files, or when asked about VSCode/Cursor configuration structure.
SKILL.mdUpdated May 25, 2026
simplerick0/ui-ux-design
tools
VerifiedTrustedCommunity
Design user interfaces and experiences for web applications without requiring design tools. Use for wireframing in text/ASCII, defining user flows, creating component hierarchies, establishing design systems, planning responsive layouts, and making accessibility decisions.
SKILL.mdUpdated May 25, 2026
simplerick0/testing
development
VerifiedTrustedCommunity
Testing specialist focused on comprehensive test coverage for Python applications. Use for pytest patterns, unit/integration/E2E testing, fixtures, mocking, property-based testing with Hypothesis, and factory patterns.
SKILL.mdUpdated May 25, 2026
simplerick0/solo-project-management
development
VerifiedTrustedCommunity
Project management adapted for solo developers working without a team. Use for personal project planning, time-boxing work sessions, managing scope creep alone, maintaining momentum on side projects, tracking progress without overhead, making decisions without external input, and staying accountable to yourself.
SKILL.mdUpdated May 25, 2026