Does this skill automatically fix vulnerabilities?

No, this skill focuses on triage and prioritization. It helps identify which vulnerabilities are real and critical, providing the necessary context for developers to implement fixes.

Can it filter out false positives?

Yes, it includes logic to flag common informational findings and misconfigurations that often result in 'noise' from automated scanners, allowing you to focus on actionable issues.

What scanners does this skill support?

This skill is designed to work with results from industry-standard tools including OWASP ZAP, Burp Suite, Acunetix, Semgrep, SonarQube, and Snyk.

How does it calculate the risk level?

It follows the OWASP Risk Rating Methodology, which calculates Risk as the product of Likelihood (threat agent and vulnerability factors) and Impact (technical and business factors).

Web Vulnerability Triage & Risk Rating

Name: Web Vulnerability Triage & Risk Rating
Author: micsapp

bymicsapp

0•

Seguridad y Pruebas

Triages web application vulnerability findings from DAST and SAST scanners using the OWASP Risk Rating Methodology to prioritize remediation efforts.

This skill provides a structured framework for security professionals and developers to evaluate vulnerabilities identified by automated scanners like Burp Suite, ZAP, or Snyk. It automates the classification of findings against the OWASP Top 10, calculates comprehensive risk scores based on technical and business impact factors, and helps filter out false positives through predefined indicators and manual validation patterns. It is an essential tool during security audits, incident response, or routine vulnerability management cycles to reduce alert fatigue and focus engineering resources on the most critical threats.

Características Principales

01Manual validation guides for SQL injection and XSS verification

02Logic-based false positive detection for common informational alerts

030 GitHub stars

04Quantitative risk score calculation based on Likelihood and Impact

05Standardized triage report generation for vulnerability management systems

06Automated OWASP Top 10 categorization and CWE mapping

Casos de Uso

01Validating automated security findings through guided manual testing techniques

02Processing high volumes of DAST/SAST scan results to identify critical true positives

03Standardizing risk ratings across multiple applications for consistent security reporting

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills performing-web-application-vulnerability-triage

For use in Claude.ai and ChatGPT

Características Principales

01Manual validation guides for SQL injection and XSS verification

02Logic-based false positive detection for common informational alerts

030 GitHub stars

04Quantitative risk score calculation based on Likelihood and Impact

05Standardized triage report generation for vulnerability management systems

06Automated OWASP Top 10 categorization and CWE mapping

Casos de Uso

01Validating automated security findings through guided manual testing techniques

02Processing high volumes of DAST/SAST scan results to identify critical true positives

03Standardizing risk ratings across multiple applications for consistent security reporting

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills performing-web-application-vulnerability-triage

For use in Claude.ai and ChatGPT