Where can I find the results of the security audit?

The skill generates a markdown report saved to the '{baseDir}/security-reports/' directory, organized by the date of analysis for easy tracking.

Which web frameworks are compatible with this skill?

It is designed to work with major frameworks including Express.js, Django, and Spring, but can be adapted for any system with accessible session management code.

Does it automatically fix the security issues it finds?

The skill provides prioritized fixes and code examples in a detailed report, allowing developers to review and implement the recommended changes safely.

What does the Session Security Checker actually scan?

It scans session creation, storage, transport controls, cookie flags, and rotation behaviors within your web application's source code and configuration files.

Session Security Checker

Name: Session Security Checker
Author: Brmbobo

byBrmbobo

보안 및 테스팅

Audits web application session management to identify vulnerabilities and ensure secure cookie configurations.

소개

The Session Security Checker skill automates the discovery of session management vulnerabilities such as session fixation, CSRF, and replay attacks within web applications. It analyzes authentication modules, middleware, and configuration files across popular frameworks like Express, Django, and Spring to validate cookie flags, rotation policies, and timeout settings. By providing a comprehensive security report with prioritized fixes and code examples, it helps developers harden their applications against unauthorized access and broken authentication according to OWASP standards.

주요 기능

Validates cookie flags including HttpOnly, Secure, and SameSite
Generates automated security reports with remediation code
0 GitHub stars
Identifies session fixation, CSRF, and replay attack paths
Audits session rotation and expiration configurations
Supports multiple frameworks like Express.js, Django, and Spring

사용 사례

Validating session management compliance with OWASP standards
Reviewing and hardening session cookie configurations in production
Conducting a security audit on web application authentication flows

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add brmbobo/web2podcast checking-session-security

For use in Claude.ai and ChatGPT

Download Skill

GitHub

소개