Is it compliant with OWASP standards?

Yes, the skill is built around the OWASP Top 10 and the Web Security Testing Guide (WSTG) to ensure your testing strategy meets industry best practices.

What is the Security Test Planning skill?

It is a specialized capability for Claude Code that helps developers design and document comprehensive security strategies, from automated scanning to manual penetration testing.

Can this skill help with CI/CD security?

Absolutely. It provides guidance on setting up security gates at the build time (SAST), pre-commit (secret scanning), and runtime (DAST) layers of your pipeline.

Does this skill perform security scanning directly?

No, it acts as a strategic advisor and planner. It provides the templates, tool recommendations, and test case designs that you can implement using tools like SonarQube, Snyk, or OWASP ZAP.

Does it support specific frameworks like .NET?

Yes, it includes specialized references for implementing security tests for authentication, input validation, and rate limiting specifically for .NET environments.

Security Test Planning

Name: Security Test Planning
Author: melodic-software

bymelodic-software

•

보안 및 테스팅

Develops comprehensive security testing strategies including OWASP alignment, penetration test scoping, and automated SAST/DAST integration.

소개

Security Test Planning is a specialized Claude Code skill designed to help development teams integrate robust security practices into their software lifecycle. It provides expert guidance on structuring a security testing pyramid—ranging from automated secret scanning and static analysis (SAST) to dynamic scanning (DAST) and manual penetration testing. By leveraging industry standards like the OWASP Top 10 and the Web Security Testing Guide (WSTG), this skill enables users to create actionable test plans, define remediation SLAs, and implement domain-specific security checks for platforms like .NET, ensuring applications are resilient against modern threats.

주요 기능

Security testing pyramid architecture design
Threat-based test case design and manual audit scoping
Automated SAST/DAST tool integration and CI/CD gating
OWASP Top 10 coverage and testing strategies
5 GitHub stars
Remediation SLA framework and verification workflows

사용 사례

Implementing standardized security unit tests for .NET web applications
Scoping and preparing documentation for quarterly penetration tests
Building a secure-by-design CI/CD pipeline with automated security gates

소개

주요 기능

Security testing pyramid architecture design
Threat-based test case design and manual audit scoping
Automated SAST/DAST tool integration and CI/CD gating
OWASP Top 10 coverage and testing strategies
5 GitHub stars
Remediation SLA framework and verification workflows

사용 사례

Implementing standardized security unit tests for .NET web applications
Scoping and preparing documentation for quarterly penetration tests
Building a secure-by-design CI/CD pipeline with automated security gates