Is it compliant with OWASP standards?

Yes, the skill is built around the OWASP Top 10 and the Web Security Testing Guide (WSTG) to ensure your testing strategy meets industry best practices.

What is the Security Test Planning skill?

It is a specialized capability for Claude Code that helps developers design and document comprehensive security strategies, from automated scanning to manual penetration testing.

Can this skill help with CI/CD security?

Absolutely. It provides guidance on setting up security gates at the build time (SAST), pre-commit (secret scanning), and runtime (DAST) layers of your pipeline.

Does this skill perform security scanning directly?

No, it acts as a strategic advisor and planner. It provides the templates, tool recommendations, and test case designs that you can implement using tools like SonarQube, Snyk, or OWASP ZAP.

Does it support specific frameworks like .NET?

Yes, it includes specialized references for implementing security tests for authentication, input validation, and rate limiting specifically for .NET environments.

Security Test Planning

Name: Security Test Planning
Author: melodic-software

bymelodic-software

•

セキュリティとテスト

Develops comprehensive security testing strategies including OWASP alignment, penetration test scoping, and automated SAST/DAST integration.

Security Test Planning is a specialized Claude Code skill designed to help development teams integrate robust security practices into their software lifecycle. It provides expert guidance on structuring a security testing pyramid—ranging from automated secret scanning and static analysis (SAST) to dynamic scanning (DAST) and manual penetration testing. By leveraging industry standards like the OWASP Top 10 and the Web Security Testing Guide (WSTG), this skill enables users to create actionable test plans, define remediation SLAs, and implement domain-specific security checks for platforms like .NET, ensuring applications are resilient against modern threats.

主な機能

01Security testing pyramid architecture design

02Threat-based test case design and manual audit scoping

03Automated SAST/DAST tool integration and CI/CD gating

04OWASP Top 10 coverage and testing strategies

055 GitHub stars

06Remediation SLA framework and verification workflows

ユースケース

01Implementing standardized security unit tests for .NET web applications

02Scoping and preparing documentation for quarterly penetration tests

03Building a secure-by-design CI/CD pipeline with automated security gates

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add melodic-software/claude-code-plugins security-test-planning

For use in Claude.ai and ChatGPT

Download Skill