Can this skill help with OWASP compliance?

Absolutely. It specifically checks for all OWASP Top 10 categories, including Broken Access Control, Injection, and Insecure Design, providing CWE-mapped findings.

Does it provide severity levels for identified issues?

Yes, all findings are ranked using a CVSS-aligned system ranging from Low to Critical (9.0-10.0), allowing developers to prioritize remediation efforts.

Does it support cryptographic reviews?

Yes, it evaluates cryptographic usage to ensure modern standards like AES-256-GCM are used while flagging deprecated algorithms like MD5 or SHA1.

How does this skill handle threat modeling?

It uses the STRIDE framework to systematically identify threats across six categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

What is the recommended workflow for a security review?

The skill follows a five-stage loop: Build Threat Model, Map Attack Surface, Scan for Vulnerabilities, Assess Risk Levels, and finally Plan Remediation.

Security Engineering

Name: Security Engineering
Author: outfitter-dev

byoutfitter-dev

•

安全与测试

Audits code for security vulnerabilities using systematic threat modeling, OWASP patterns, and CVSS-aligned risk assessments.

关于

The Security Engineering skill transforms Claude into a specialized security auditor capable of performing deep-dive code reviews and vulnerability assessments. It follows a rigorous workflow starting with STRIDE-based threat modeling and attack surface mapping before scanning for vulnerabilities across the OWASP Top 10 and CWE categories. By providing CVSS-aligned severity rankings and specific, code-based remediation plans, this skill helps developers identify and fix critical issues like injection, broken access control, and cryptographic failures before they reach production.

主要功能

18 GitHub stars
Comprehensive checks against OWASP Top 10 and CWE patterns
STRIDE-based threat modeling and attack surface mapping
Detailed remediation plans with secure code examples
CVSS-aligned vulnerability scanning and risk assessment
Trust boundary analysis and input validation auditing

使用场景

Reviewing cryptographic implementations for modern standards and safety
Analyzing third-party dependencies and supply chain security risks
Conducting security audits on authentication and authorization logic

关于

主要功能

18 GitHub stars
Comprehensive checks against OWASP Top 10 and CWE patterns
STRIDE-based threat modeling and attack surface mapping
Detailed remediation plans with secure code examples
CVSS-aligned vulnerability scanning and risk assessment
Trust boundary analysis and input validation auditing

使用场景

Reviewing cryptographic implementations for modern standards and safety
Analyzing third-party dependencies and supply chain security risks
Conducting security audits on authentication and authorization logic