What standards does this skill use for security reviews?

The skill is primarily based on the OWASP Top 10 (2021) industry standard, covering the most critical web application security risks.

Which programming languages and frameworks are best supported?

While the core security principles are universal, the skill includes specific implementation examples for TypeScript, Node.js, and React.

Can this skill detect outdated or vulnerable dependencies?

The skill provides guidance on using tools like npm audit and Snyk to monitor and fix vulnerabilities in third-party components and libraries.

Does it provide guidance on authentication and sessions?

Absolutely. It includes best practices for password hashing with bcrypt, secure JWT implementation, and configuring session cookies for maximum protection.

Can it help prevent SQL and NoSQL injections?

Yes, it identifies dangerous patterns like string concatenation in queries and suggests secure alternatives such as parameterized queries, ORMs, and input sanitization.

Reviewing Security (OWASP Top 10)

Name: Reviewing Security (OWASP Top 10)
Author: thkt

bythkt

•

Security & Testing

Conducts comprehensive security audits and code reviews based on OWASP Top 10 standards to identify and mitigate critical vulnerabilities.

About

This skill transforms Claude into a security-focused engineer, providing a robust framework for identifying critical vulnerabilities such as SQL injection, XSS, and broken access control. Built upon the industry-standard OWASP Top 10 (2021) guidelines, it offers automated pattern detection, secure implementation examples in TypeScript and React, and defensive coding patterns. It is an essential tool for developers looking to integrate security into the earliest stages of the development lifecycle, ensuring that applications are built on a secure foundation rather than having security added as an afterthought during production.

Key Features

Detailed checklists for authentication and access control audits
Secure implementation code snippets for common security flaws
Guidance on secure logging, monitoring, and dependency management
Automated OWASP Top 10 vulnerability pattern detection
3 GitHub stars
Mitigation strategies for SSRF, CSRF, and XSS attacks

Use Cases

Refactoring legacy code to implement parameterized queries and prevent SQL injection
Hardening session management and authentication flows in web applications
Performing a security audit during a pull request review to find hidden vulnerabilities

About

Key Features

Detailed checklists for authentication and access control audits
Secure implementation code snippets for common security flaws
Guidance on secure logging, monitoring, and dependency management
Automated OWASP Top 10 vulnerability pattern detection
3 GitHub stars
Mitigation strategies for SSRF, CSRF, and XSS attacks

Use Cases

Refactoring legacy code to implement parameterized queries and prevent SQL injection
Hardening session management and authentication flows in web applications
Performing a security audit during a pull request review to find hidden vulnerabilities