What security standards does this skill follow?

This skill aligns with OWASP Top 10 patterns for web security and utilizes the CVSS v3.1 methodology for calculating vulnerability risk scores.

Does it provide code-specific mitigations for PHP?

Yes, it includes specific code patterns for PHP, including secure PDO preparation for SQL, libsodium for encryption, and secure XML loading to prevent XXE.

Can I use this for API security?

Absolutely. It includes patterns for API key encryption at rest, secure configuration checklists, and input validation techniques essential for API development.

How does it help with risk assessment?

It provides references and guidance on CVSS scoring, allowing the AI to help you categorize and prioritize vulnerabilities based on their technical impact.

Security Audit & Secure Coding

Name: Security Audit & Secure Coding
Author: netresearch

bynetresearch

•

Seguridad y Pruebas

Conducts comprehensive security audits and implements OWASP-aligned secure coding patterns for PHP applications.

Acerca de

The Security Audit skill empowers Claude to perform thorough vulnerability assessments and implement industry-standard security protocols. It specializes in identifying and mitigating common web threats such as XXE, SQL injection, and XSS, while providing guidance on CVSS v3.1 risk scoring. Designed primarily for PHP environments, it offers ready-to-use patterns for libsodium encryption, secure session management, and server-side validation, ensuring your codebase adheres to the latest OWASP Top 10 security guidelines.

Características Principales

CVSS v3.1 methodology for standardized risk scoring
API key and sensitive data encryption using libsodium (sodium_crypto_secretbox)
OWASP Top 10 vulnerability detection and mitigation patterns
PHP-specific secure coding templates for SQL and XML parsing
Comprehensive security checklists for production-ready deployments
9 GitHub stars

Casos de Uso

Implementing secure API key storage and encryption-at-rest for backend services
Auditing legacy PHP codebases for hidden security vulnerabilities and injection flaws
Calculating the severity of identified security bugs to prioritize development tasks

Acerca de

Características Principales

CVSS v3.1 methodology for standardized risk scoring
API key and sensitive data encryption using libsodium (sodium_crypto_secretbox)
OWASP Top 10 vulnerability detection and mitigation patterns
PHP-specific secure coding templates for SQL and XML parsing
Comprehensive security checklists for production-ready deployments
9 GitHub stars

Casos de Uso

Implementing secure API key storage and encryption-at-rest for backend services
Auditing legacy PHP codebases for hidden security vulnerabilities and injection flaws
Calculating the severity of identified security bugs to prioritize development tasks