Is this skill suitable for testing REST and GraphQL APIs?

Absolutely. It includes specific patterns for IDOR testing, mass assignment, and GraphQL introspection analysis to ensure API-specific security.

Can I use this for automated security scanning?

Yes, the skill provides pre-configured commands for industry-standard automation tools like SQLMap, Nuclei, and Dalfox to speed up your testing process.

Does it provide cloud-specific security tests?

Yes, it contains specialized SSRF payloads specifically for AWS, Google Cloud, and Azure metadata services to test cloud-hosted applications.

What types of vulnerabilities can this skill identify?

It includes methodologies and payloads for SQL Injection (SQLi), Cross-Site Scripting (XSS), Command Injection, JWT flaws, SSRF, File Upload bypasses, XXE, and API vulnerabilities.

Web Application Security Testing

Name: Web Application Security Testing
Author: trilwu

bytrilwu

0•

보안 및 테스팅

Equips Claude with expert penetration testing methodologies and specialized payloads to identify and exploit web application vulnerabilities.

The Web Application Security skill transforms Claude into a specialized penetration testing assistant capable of auditing web applications for critical vulnerabilities. It provides structured guidance and curated payloads for identifying OWASP Top 10 risks such as SQL Injection, Cross-Site Scripting (XSS), SSRF, and JWT authentication flaws. By integrating this skill, developers and security professionals can leverage expert-level security patterns, automated testing tool commands, and manual bypass techniques directly within their development workflow to ensure robust application security and proactive remediation.

주요 기능

01Expert techniques for exploiting SSRF, XXE, and file upload vulnerabilities

02Comprehensive methodologies for testing JWT and session security

03Curated payloads for SQL injection, XSS, and command injection attacks

04Detailed API security assessment patterns for REST and GraphQL

050 GitHub stars

06Ready-to-use commands for popular security tools like SQLMap, Dalfox, and ffuf

사용 사례

01Automating vulnerability detection using specialized CLI tool configurations

02Performing security audits and penetration tests on web applications

03Identifying and remediating OWASP Top 10 vulnerabilities during development

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add trilwu/secskills web-app-security

For use in Claude.ai and ChatGPT