What tools are required to use this security skill?

The skill utilizes standard tools like curl, ffuf, and jq, and provides guidance for integrating with professional tools like Burp Suite and Postman.

Which version of the OWASP API Top 10 is covered?

The skill is mapped to the 2023 OWASP API Security Top 10, covering risks from BOLA (API1) to Unsafe Consumption of APIs (API10).

Can I use this for automated security pipelines?

Yes, many of the workflows are designed as shell-executable commands that can be integrated into CI/CD environments to catch regressions in API authorization or rate limiting.

Does this skill support GraphQL testing?

Yes, the skill includes specific workflows for discovering and testing GraphQL endpoints, including schema introspection, complexity attacks, and depth analysis.

API Security Testing (OWASP Top 10)

Name: API Security Testing (OWASP Top 10)
Author: mukul975

bymukul975

•

4,121

•

보안 및 테스팅

Performs systematic security assessments of REST and GraphQL APIs against the OWASP API Security Top 10 risks using automated and manual testing techniques.

This skill provides a comprehensive framework for identifying vulnerabilities in API endpoints, covering the full 2023 OWASP API Security Top 10. It guides users through discovery of hidden endpoints, testing for Broken Object Level Authorization (BOLA), evaluating authentication strengths, and detecting security misconfigurations. By combining automated fuzzing patterns with manual verification workflows, it empowers developers and security professionals to validate API gateway controls, rate limiting, and complex authorization logic across REST, GraphQL, and gRPC architectures.

주요 기능

01Authentication mechanism and JWT integrity validation

02Rate limiting and resource consumption stress testing

03Automated API endpoint discovery and mapping for REST and GraphQL

04Mass assignment and excessive data exposure checks

054,121 GitHub stars

06Systematic BOLA (Broken Object Level Authorization) and IDOR testing

사용 사례

01Validating API security posture before production deployments

02Conducting authorized API penetration testing engagements

03Auditing API gateway configurations and rate-limiting effectiveness

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills testing-api-security-with-owasp-top-10

For use in Claude.ai and ChatGPT

주요 기능

01Authentication mechanism and JWT integrity validation

02Rate limiting and resource consumption stress testing

03Automated API endpoint discovery and mapping for REST and GraphQL

04Mass assignment and excessive data exposure checks

054,121 GitHub stars

06Systematic BOLA (Broken Object Level Authorization) and IDOR testing

사용 사례

01Validating API security posture before production deployments

02Conducting authorized API penetration testing engagements

03Auditing API gateway configurations and rate-limiting effectiveness

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills testing-api-security-with-owasp-top-10

For use in Claude.ai and ChatGPT