Can it help with CI/CD security integration?

Yes, it provides specific commands and best practices for integrating passive and active security scans into PR pipelines and nightly builds.

Which security tools does this skill support?

The skill supports industry-standard tools including OWASP ZAP, Burp Suite, SonarQube, CodeQL, Snyk, Trivy, and npm audit.

How does it assist with threat modeling?

It uses the STRIDE and DREAD frameworks to identify potential threats during the design phase and helps map those threats to actionable test cases.

Does it cover the OWASP Top 10?

Absolutely. It includes a detailed checklist for identifying and mitigating the top 10 most common web application security risks.

Security Test Automation Specialist

Name: Security Test Automation Specialist
Author: rnavarych

byrnavarych

•

安全与测试

Automates comprehensive security testing workflows including SAST, DAST, and dependency scanning to identify and mitigate application vulnerabilities.

This skill equips Claude with the specialized expertise of a security testing engineer to integrate automated security checks throughout the software development lifecycle. It provides detailed implementation patterns for OWASP ZAP dynamic scanning, configuration guidance for SAST tools like SonarQube and CodeQL, and strategies for managing dependency risks with Snyk or npm audit. Whether planning a penetration test or conducting threat modeling using STRIDE, this skill ensures application security is treated as a first-class citizen in the development process.

主要功能

01Automated SAST and DAST integration using OWASP ZAP and CodeQL

02Threat modeling integration using STRIDE and DREAD frameworks

03OWASP Top 10 vulnerability identification and remediation guidance

04Comprehensive Software Composition Analysis (SCA) and dependency scanning

05Structured penetration test planning and vulnerability management triage

0611 GitHub stars

使用场景

01Integrating automated security scanning into CI/CD pipelines

02Auditing codebases for OWASP Top 10 vulnerabilities like Injection and Broken Access Control

03Generating professional penetration test plans and remediation reports

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add rnavarych/alpha-engineer security-testing

For use in Claude.ai and ChatGPT

主要功能

01Automated SAST and DAST integration using OWASP ZAP and CodeQL

02Threat modeling integration using STRIDE and DREAD frameworks

03OWASP Top 10 vulnerability identification and remediation guidance

04Comprehensive Software Composition Analysis (SCA) and dependency scanning

05Structured penetration test planning and vulnerability management triage

0611 GitHub stars

使用场景

01Integrating automated security scanning into CI/CD pipelines

02Auditing codebases for OWASP Top 10 vulnerabilities like Injection and Broken Access Control

03Generating professional penetration test plans and remediation reports

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add rnavarych/alpha-engineer security-testing

For use in Claude.ai and ChatGPT