Does it help with database security?

Yes, it specifically audits for SQL and NoSQL injection by identifying string concatenation in queries and mandating the use of parameterized statements or secure ORM query builders.

What security headers does this skill support?

It covers the full security header stack, including CSP, X-Frame-Options, X-Content-Type-Options, and HSTS (HTTP Strict Transport Security) with recommended values.

Can it defend against Clickjacking?

Yes, it implements defenses using X-Frame-Options and Content-Security-Policy frame-ancestors to prevent unauthorized embedding of your application.

How does this skill prevent XSS attacks?

The skill enforces context-aware output encoding for HTML, JavaScript, and CSS contexts, while also providing guidance on implementing a robust Content Security Policy (CSP) as a secondary defense layer.

How does it handle Server-Side Request Forgery (SSRF)?

It provides patterns for validating user-controlled URLs against an allowlist, resolving DNS before connection to prevent rebinding, and blocking access to internal or private IP ranges.

Web Security & OWASP Hardening

Name: Web Security & OWASP Hardening
Author: hjemmesidekongen

byhjemmesidekongen

0•

보안 및 테스팅

Hardens web applications against common vulnerabilities like XSS, CSRF, and injection attacks using industry-standard OWASP best practices.

This skill integrates security-first principles directly into your development workflow by auditing and remediating vulnerabilities associated with the OWASP Top 10. It provides specialized guidance on implementing robust output encoding to prevent XSS, configuring synchronizer tokens for CSRF protection, and enforcing parameterized queries to eliminate injection risks. By automating checks for security headers and SSRF allowlists, it ensures that web applications are resilient against modern attack vectors from the architectural design phase through to final implementation.

주요 기능

01Injection auditing to replace raw string concatenation with parameterized queries

02CSRF defense enforcement via synchronizer tokens and SameSite cookie policies

03SSRF protection through domain allowlisting and private IP range blocking

040 GitHub stars

05Comprehensive security header configuration including CSP, HSTS, and X-Frame-Options

06Context-aware output encoding for reflected, stored, and DOM-based XSS prevention

사용 사례

01Implementing a robust Content Security Policy (CSP) and secure cookie architecture

02Auditing legacy codebases for hidden security vulnerabilities and injection risks

03Hardening a production-ready web application against the OWASP Top 10

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hjemmesidekongen/ai web-security-owasp

For use in Claude.ai and ChatGPT

주요 기능

01Injection auditing to replace raw string concatenation with parameterized queries

02CSRF defense enforcement via synchronizer tokens and SameSite cookie policies

03SSRF protection through domain allowlisting and private IP range blocking

040 GitHub stars

05Comprehensive security header configuration including CSP, HSTS, and X-Frame-Options

06Context-aware output encoding for reflected, stored, and DOM-based XSS prevention

사용 사례

01Implementing a robust Content Security Policy (CSP) and secure cookie architecture

02Auditing legacy codebases for hidden security vulnerabilities and injection risks

03Hardening a production-ready web application against the OWASP Top 10