Does it support the latest OWASP standards?

Yes, it is mapped to the OWASP Top 10 2021 and follows the official OWASP Risk Rating Methodology for calculating technical and business impact.

How does this skill handle false positives?

The skill uses a predefined set of indicators and confidence levels to flag common informational findings and low-risk headers that often clutter automated scanner reports.

What frameworks are supported for compliance mapping?

This skill is mapped to multiple frameworks including NIST CSF 2.0 (ID.RA-01, ID.RA-02), MITRE ATT&CK, and the NIST AI RMF.

Can I integrate this with tools like Burp Suite or ZAP?

Absolutely. It is designed to process results from major DAST tools like Burp Suite, OWASP ZAP, and Acunetix, as well as SAST tools like Semgrep and Snyk.

Web Vulnerability Triage & Risk Rating

Name: Web Vulnerability Triage & Risk Rating
Author: mukul975

bymukul975

•

4,121

•

セキュリティとテスト

Triages web application security findings from DAST/SAST scanners using OWASP methodology to prioritize remediation and eliminate false positives.

This skill provides a comprehensive framework for security professionals and developers to manage web application vulnerabilities discovered by automated scanners. By implementing the OWASP Risk Rating Methodology, it helps users distinguish between true security threats and false positives, calculate likelihood and impact scores, and categorize findings based on the OWASP Top 10. It is particularly useful during security audits, incident response, and continuous security testing phases to ensure remediation efforts are focused on the most critical risks while reducing alert fatigue.

主な機能

01Automated classification using the OWASP Top 10 (2021) framework

02Quantitative risk calculation based on Likelihood and Impact factors

034,121 GitHub stars

04Standardized triage reporting for security management tools like DefectDojo

05False positive detection logic for DAST and SAST scanner output

06Manual validation techniques for SQLi, XSS, and SSRF vulnerabilities

ユースケース

01Prioritizing thousands of findings from automated Burp Suite or OWASP ZAP scans

02Validating SAST results for injection vulnerabilities during secure code reviews

03Calculating business-aligned risk scores for stakeholder remediation reports

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills performing-web-application-vulnerability-triage

For use in Claude.ai and ChatGPT

主な機能

01Automated classification using the OWASP Top 10 (2021) framework

02Quantitative risk calculation based on Likelihood and Impact factors

034,121 GitHub stars

04Standardized triage reporting for security management tools like DefectDojo

05False positive detection logic for DAST and SAST scanner output

06Manual validation techniques for SQLi, XSS, and SSRF vulnerabilities

ユースケース

01Prioritizing thousands of findings from automated Burp Suite or OWASP ZAP scans

02Validating SAST results for injection vulnerabilities during secure code reviews

03Calculating business-aligned risk scores for stakeholder remediation reports

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills performing-web-application-vulnerability-triage

For use in Claude.ai and ChatGPT