Is this skill suitable for testing REST and GraphQL APIs?

Absolutely. It includes specific patterns for IDOR testing, mass assignment, and GraphQL introspection analysis to ensure API-specific security.

Can I use this for automated security scanning?

Yes, the skill provides pre-configured commands for industry-standard automation tools like SQLMap, Nuclei, and Dalfox to speed up your testing process.

Does it provide cloud-specific security tests?

Yes, it contains specialized SSRF payloads specifically for AWS, Google Cloud, and Azure metadata services to test cloud-hosted applications.

What types of vulnerabilities can this skill identify?

It includes methodologies and payloads for SQL Injection (SQLi), Cross-Site Scripting (XSS), Command Injection, JWT flaws, SSRF, File Upload bypasses, XXE, and API vulnerabilities.

Web Application Security Testing

Name: Web Application Security Testing
Author: trilwu

bytrilwu

セキュリティとテスト

Equips Claude with expert penetration testing methodologies and specialized payloads to identify and exploit web application vulnerabilities.

概要

The Web Application Security skill transforms Claude into a specialized penetration testing assistant capable of auditing web applications for critical vulnerabilities. It provides structured guidance and curated payloads for identifying OWASP Top 10 risks such as SQL Injection, Cross-Site Scripting (XSS), SSRF, and JWT authentication flaws. By integrating this skill, developers and security professionals can leverage expert-level security patterns, automated testing tool commands, and manual bypass techniques directly within their development workflow to ensure robust application security and proactive remediation.

主な機能

Expert techniques for exploiting SSRF, XXE, and file upload vulnerabilities
Comprehensive methodologies for testing JWT and session security
Curated payloads for SQL injection, XSS, and command injection attacks
Detailed API security assessment patterns for REST and GraphQL
0 GitHub stars
Ready-to-use commands for popular security tools like SQLMap, Dalfox, and ffuf

ユースケース

Automating vulnerability detection using specialized CLI tool configurations
Performing security audits and penetration tests on web applications
Identifying and remediating OWASP Top 10 vulnerabilities during development

概要

主な機能

Expert techniques for exploiting SSRF, XXE, and file upload vulnerabilities
Comprehensive methodologies for testing JWT and session security
Curated payloads for SQL injection, XSS, and command injection attacks
Detailed API security assessment patterns for REST and GraphQL
0 GitHub stars
Ready-to-use commands for popular security tools like SQLMap, Dalfox, and ffuf

ユースケース

Automating vulnerability detection using specialized CLI tool configurations
Performing security audits and penetration tests on web applications
Identifying and remediating OWASP Top 10 vulnerabilities during development