security-testing
Installation
SKILL.md
Security Testing
<default_to_action> When testing security or conducting audits:
- TEST OWASP Top 10 vulnerabilities systematically
- VALIDATE authentication and authorization on every endpoint
- SCAN dependencies for known vulnerabilities (npm audit)
- CHECK for injection attacks (SQL, XSS, command)
- VERIFY secrets aren't exposed in code/logs
Quick Security Checks:
- Access control → Test horizontal/vertical privilege escalation
- Crypto → Verify password hashing, HTTPS, no sensitive data exposed
- Injection → Test SQL injection, XSS, command injection
- Auth → Test weak passwords, session fixation, MFA enforcement
- Config → Check error messages don't leak info