Does this skill require authorization before use?

Yes. It is a best practice and legal requirement to ensure you have explicit, written authorization from the system owner before performing any penetration testing or vulnerability scanning.

Does it provide a report after the scan?

Yes, the skill generates a comprehensive report that details the identified security flaws, their associated risk levels, and specific steps for remediation.

Can I use this skill to test backend APIs?

Absolutely. You can target specific API endpoints to scan for security flaws such as authentication bypass, broken object-level authorization, and data exposure.

What types of vulnerabilities can this skill identify?

The skill focuses on the OWASP Top 10 risks, including common flaws like SQL injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF).

Penetration Testing & Security Auditing

Name: Penetration Testing & Security Auditing
Author: BbgnsurfTech

byBbgnsurfTech

•

セキュリティとテスト

Automates web application security assessments to identify vulnerabilities and generate comprehensive penetration test reports.

概要

This skill empowers developers and security professionals to conduct automated security audits of web applications and APIs directly within their workflow. By leveraging a specialized penetration-tester plugin, it scans for OWASP Top 10 threats—including SQL injection, XSS, and CSRF—and provides detailed reports featuring risk ratings and actionable remediation guidance. It is designed to evaluate security posture and ensure robust defense mechanisms are implemented throughout the development lifecycle.

主な機能

Detailed security flaw reporting with risk ratings
Targeted API endpoint security assessments
Automated OWASP Top 10 vulnerability scanning
Actionable remediation recommendations for identified bugs
3 GitHub stars
Support for detecting XSS, CSRF, and SQL injection

ユースケース

Generating compliance-ready reports for web application security posture
Performing a full security audit on a web application domain
Scanning specific API endpoints for authentication and authorization flaws

概要

主な機能

Detailed security flaw reporting with risk ratings
Targeted API endpoint security assessments
Automated OWASP Top 10 vulnerability scanning
Actionable remediation recommendations for identified bugs
3 GitHub stars
Support for detecting XSS, CSRF, and SQL injection

ユースケース

Generating compliance-ready reports for web application security posture
Performing a full security audit on a web application domain
Scanning specific API endpoints for authentication and authorization flaws