Can this skill help with CI/CD security automation?

Yes, it provides specific references and workflows for integrating security tools into automated pipelines, including container scanning and threshold-based build failures.

How does it handle vulnerability remediation?

The skill provides a structured 5-phase workflow that includes triaging findings by severity, eliminating false positives, and prioritizing fixes based on business risk.

Does it support API security testing?

Absolutely. It includes specific patterns for testing APIs against common vulnerabilities defined in the OWASP API Security Top 10.

Is this skill suitable for non-security experts?

Yes, it is designed to help developers and DevOps engineers implement 'Shift Left' security practices and follow industry-standard methodologies without needing to be full-time security researchers.

What types of security testing does this skill cover?

This skill covers the full Security Testing Pyramid, including Static Analysis (SAST), Software Composition Analysis (SCA), Dynamic Testing (DAST), Interactive Analysis (IAST), and manual Penetration Testing.

Security Testing Patterns

Name: Security Testing Patterns
Author: NickCrew

byNickCrew

•

セキュリティとテスト

Implements comprehensive security testing strategies including SAST, DAST, and manual penetration testing patterns.

概要

This skill provides expert guidance for establishing a robust security posture throughout the software development lifecycle. By implementing a layered approach—from static analysis (SAST) and dependency scanning (SCA) to dynamic testing (DAST) and manual penetration testing—it enables developers to identify and remediate vulnerabilities early. Whether you are building automated security pipelines in CI/CD, auditing APIs against OWASP standards, or performing complex logic validation, this skill offers structured workflows to prioritize risks and ensure high-standard application security.

主な機能

7 GitHub stars
Comprehensive SAST, DAST, and SCA integration patterns
Automated security pipeline configuration for CI/CD
OWASP-aligned API security testing methodologies
Risk-based vulnerability triage and remediation workflows
Manual penetration testing and business logic validation

ユースケース

Integrating automated security scanning into GitHub Actions or GitLab CI/CD
Validating API endpoints against the OWASP API Security Top 10
Conducting deep-dive security audits and vulnerability assessments of web applications

概要

主な機能

7 GitHub stars
Comprehensive SAST, DAST, and SCA integration patterns
Automated security pipeline configuration for CI/CD
OWASP-aligned API security testing methodologies
Risk-based vulnerability triage and remediation workflows
Manual penetration testing and business logic validation

ユースケース

Integrating automated security scanning into GitHub Actions or GitLab CI/CD
Validating API endpoints against the OWASP API Security Top 10
Conducting deep-dive security audits and vulnerability assessments of web applications