What standards does this skill use for security reviews?

The skill is primarily based on the OWASP Top 10 (2021) industry standard, covering the most critical web application security risks.

Which programming languages and frameworks are best supported?

While the core security principles are universal, the skill includes specific implementation examples for TypeScript, Node.js, and React.

Can this skill detect outdated or vulnerable dependencies?

The skill provides guidance on using tools like npm audit and Snyk to monitor and fix vulnerabilities in third-party components and libraries.

Does it provide guidance on authentication and sessions?

Absolutely. It includes best practices for password hashing with bcrypt, secure JWT implementation, and configuring session cookies for maximum protection.

Can it help prevent SQL and NoSQL injections?

Yes, it identifies dangerous patterns like string concatenation in queries and suggests secure alternatives such as parameterized queries, ORMs, and input sanitization.

Reviewing Security (OWASP Top 10)

Name: Reviewing Security (OWASP Top 10)
Author: thkt

bythkt

•

安全与测试

Conducts comprehensive security audits and code reviews based on OWASP Top 10 standards to identify and mitigate critical vulnerabilities.

This skill transforms Claude into a security-focused engineer, providing a robust framework for identifying critical vulnerabilities such as SQL injection, XSS, and broken access control. Built upon the industry-standard OWASP Top 10 (2021) guidelines, it offers automated pattern detection, secure implementation examples in TypeScript and React, and defensive coding patterns. It is an essential tool for developers looking to integrate security into the earliest stages of the development lifecycle, ensuring that applications are built on a secure foundation rather than having security added as an afterthought during production.

主要功能

01Detailed checklists for authentication and access control audits

02Secure implementation code snippets for common security flaws

03Guidance on secure logging, monitoring, and dependency management

04Automated OWASP Top 10 vulnerability pattern detection

053 GitHub stars

06Mitigation strategies for SSRF, CSRF, and XSS attacks

使用场景

01Refactoring legacy code to implement parameterized queries and prevent SQL injection

02Hardening session management and authentication flows in web applications

03Performing a security audit during a pull request review to find hidden vulnerabilities

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add thkt/claude-config reviewing-security

For use in Claude.ai and ChatGPT

Download Skill