What security standards does this skill follow?

This skill aligns with OWASP Top 10 patterns for web security and utilizes the CVSS v3.1 methodology for calculating vulnerability risk scores.

Does it provide code-specific mitigations for PHP?

Yes, it includes specific code patterns for PHP, including secure PDO preparation for SQL, libsodium for encryption, and secure XML loading to prevent XXE.

Can I use this for API security?

Absolutely. It includes patterns for API key encryption at rest, secure configuration checklists, and input validation techniques essential for API development.

How does it help with risk assessment?

It provides references and guidance on CVSS scoring, allowing the AI to help you categorize and prioritize vulnerabilities based on their technical impact.

Security Audit & Secure Coding

Name: Security Audit & Secure Coding
Author: netresearch

bynetresearch

•

安全与测试

Conducts comprehensive security audits and implements OWASP-aligned secure coding patterns for PHP applications.

The Security Audit skill empowers Claude to perform thorough vulnerability assessments and implement industry-standard security protocols. It specializes in identifying and mitigating common web threats such as XXE, SQL injection, and XSS, while providing guidance on CVSS v3.1 risk scoring. Designed primarily for PHP environments, it offers ready-to-use patterns for libsodium encryption, secure session management, and server-side validation, ensuring your codebase adheres to the latest OWASP Top 10 security guidelines.

主要功能

01CVSS v3.1 methodology for standardized risk scoring

02API key and sensitive data encryption using libsodium (sodium_crypto_secretbox)

03OWASP Top 10 vulnerability detection and mitigation patterns

04PHP-specific secure coding templates for SQL and XML parsing

05Comprehensive security checklists for production-ready deployments

069 GitHub stars

使用场景

01Implementing secure API key storage and encryption-at-rest for backend services

02Auditing legacy PHP codebases for hidden security vulnerabilities and injection flaws

03Calculating the severity of identified security bugs to prioritize development tasks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add netresearch/claude-code-marketplace security-audit

For use in Claude.ai and ChatGPT

Download Skill