Security & Testing Claude 스킬

STRIDE Security Threat Analysis

Systematically identifies security threats using the STRIDE methodology to enhance application resilience and compliance.

Web3 Smart Contract Testing

Automates and optimizes smart contract testing using Hardhat and Foundry to ensure secure, gas-efficient blockchain deployments.

Automated Code Review & Verification

Performs systematic code reviews by combining automated verification, task completion checks, and quality audits to ensure production-readiness.

Python Testing Patterns

Implements comprehensive Python testing strategies using pytest, mocking, and test-driven development best practices.

GDPR Compliance & Data Privacy

Implements GDPR-compliant data handling including consent management, data subject rights, and privacy-by-design patterns.

Kubernetes Security Policies

Secures Kubernetes clusters by implementing network isolation, RBAC, and pod security standards.

PCI Compliance & Secure Payments

Implements PCI DSS security standards and best practices for secure payment card data handling and processing.

E2E Testing Patterns

Implements reliable end-to-end testing suites using Playwright and Cypress best practices to ensure application stability and catch regressions.

Memory Safety Patterns

Implements robust memory management patterns like RAII and ownership to prevent leaks, crashes, and security vulnerabilities in systems programming.

Attack Tree Construction

Constructs detailed attack trees to visualize security threats and identify architectural vulnerabilities.

Solidity Security & Smart Contract Audit

Implements industry-standard security patterns and vulnerability prevention for Solidity smart contracts.

SAST Security Scanning

Configures and optimizes Static Application Security Testing (SAST) tools to automate vulnerability detection and enforce security policies across codebases.

Coverage Analysis for Fuzzing

Analyzes code execution during fuzzing to identify performance bottlenecks, magic value blockers, and areas for harness improvement.

Web Application Testing & Automation

Streamlines end-to-end testing and UI debugging for local web applications using automated Playwright scripts and server lifecycle management.

SQL Injection Security Testing

Performs comprehensive SQL injection vulnerability assessments to identify, exploit, and remediate database security flaws in web applications.

Network Service Enumeration

Performs professional-grade discovery, enumeration, and security assessment of network services and database protocols.

Linux Privilege Escalation

Identifies and exploits Linux privilege escalation vectors including SUID binaries, sudo misconfigurations, and kernel vulnerabilities.

Red Team Tactics & Adversary Simulation

Implements structured adversary simulation principles and security audit workflows based on the MITRE ATT&CK framework.

Test Generation

Generates comprehensive, high-coverage test suites and edge-case scenarios to ensure software reliability.

Security File Transfer Techniques

Facilitates advanced file transfers and data exfiltration across Linux and Windows using diverse protocols and living-off-the-land techniques.

SSH Penetration Testing

Conducts end-to-end SSH security audits, from initial service discovery and credential testing to advanced tunneling and post-exploitation analysis.

Web App Testing Suite

Automates local web application testing and UI debugging using Playwright and integrated server lifecycle management.

Security Best Practices

Conducts language-specific security reviews and implements secure-by-default coding patterns for Python, JavaScript, and Go projects.

Firebase APK Security Scanner

Scans Android APKs for Firebase security misconfigurations including open databases, storage buckets, and authentication vulnerabilities.

Dependency Guard & Observation

Ensures environment consistency and prevents dependency mismatches through automated lockfile verification, clean builds, and integration smoke testing.

ELD Law-Driven Debugging

Systematically resolves software bugs by treating them as deviations from logical laws and verifying fixes through an evidence-based loop.

RISC-V Simulator Verification

Verifies RISC-V simulator correctness by executing Linux kernel boot sequences and standard baremetal benchmarks.

Playwright E2E Testing Patterns

Implements robust end-to-end web testing suites using Playwright with a focus on accessibility-first locators and scalable Page Object Models.

SQLMap Database Penetration Testing

Automates the detection and exploitation of SQL injection vulnerabilities to perform comprehensive database security assessments.

Vue Test Utils Testing Patterns

Guides the implementation of robust Vue 3 component tests using Vue Test Utils and Vitest best practices.