Skills
skills/aj-geddes/useful-ai-prompts/security-testing

security-testing

Installation
SKILL.md

Security Testing

Table of Contents

Overview

Security testing identifies vulnerabilities, weaknesses, and threats in applications to ensure data protection, prevent unauthorized access, and maintain system integrity. It combines automated scanning (SAST, DAST) with manual penetration testing and code review.

When to Use

  • Testing for OWASP Top 10 vulnerabilities
  • Scanning dependencies for known vulnerabilities
  • Testing authentication and authorization
  • Validating input sanitization
  • Testing API security
  • Checking for sensitive data exposure
  • Validating security headers
  • Testing session management

Quick Start

Minimal working example:

# security_scan.py
from zapv2 import ZAPv2
import time

class SecurityScanner:
    def __init__(self, target_url, api_key=None):
        self.zap = ZAPv2(apikey=api_key, proxies={
            'http': 'http://localhost:8080',
            'https': 'http://localhost:8080'
        })
        self.target = target_url

    def scan(self):
        """Run full security scan."""
        print(f"Scanning {self.target}...")

        # Spider the application
        print("Spidering...")
        scan_id = self.zap.spider.scan(self.target)
        while int(self.zap.spider.status(scan_id)) < 100:
            time.sleep(2)
            print(f"Spider progress: {self.zap.spider.status(scan_id)}%")

        # Active scan
        print("Running active scan...")
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

Guide Contents
OWASP ZAP (DAST) OWASP ZAP (DAST)
SQL Injection Testing SQL Injection Testing
XSS Testing XSS Testing
Authentication & Authorization Testing Authentication & Authorization Testing
CSRF Protection Testing CSRF Protection Testing
Dependency Vulnerability Scanning Dependency Vulnerability Scanning
Security Headers Testing Security Headers Testing
Secrets Detection Secrets Detection

Best Practices

✅ DO

  • Run security scans in CI/CD
  • Test with real attack vectors
  • Scan dependencies regularly
  • Use security headers
  • Implement rate limiting
  • Validate and sanitize all input
  • Use parameterized queries
  • Test authentication/authorization thoroughly

❌ DON'T

  • Store secrets in code
  • Trust user input
  • Expose detailed error messages
  • Skip dependency updates
  • Use default credentials
  • Ignore security warnings
  • Test only happy paths
  • Commit sensitive data
Weekly Installs
251
Repository
aj-geddes/usefu…-prompts
GitHub Stars
162
First Seen
Jan 21, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
Installed on
opencode218
gemini-cli212
codex207
cursor202
github-copilot190
claude-code181