What types of security testing does this skill cover?

It covers a comprehensive layered approach including Static Application Security Testing (SAST), Dynamic Analysis (DAST), Software Composition Analysis (SCA), and manual penetration testing.

Does it support OWASP standards?

Absolutely. The skill includes specific guidance and references for testing against the OWASP Top 10 and OWASP API Security standards.

Can this help with CI/CD integration?

Yes, it provides specific patterns and workflows for integrating automated security scans directly into your development and deployment pipelines.

How does it handle false positives in security scans?

It provides a systematic triage process to help developers and security teams validate findings, eliminate false positives, and prioritize remediation based on actual risk.

Security Testing Patterns

Name: Security Testing Patterns
Author: NickCrew

byNickCrew

•

安全与测试

Implements comprehensive security testing strategies including SAST, DAST, and vulnerability assessments to secure applications throughout the development lifecycle.

This skill empowers developers to integrate professional-grade security testing into their workflows, covering everything from static analysis (SAST) and dependency scanning (SCA) to dynamic testing (DAST) and manual penetration testing. It provides expert guidance on configuring security pipelines, interpreting vulnerability results, and prioritizing remediation based on risk factors like exploitability and business impact. By following these patterns, teams can effectively 'shift left' their security posture, ensuring that authentication, authorization, and API vulnerabilities are identified and addressed before reaching production.

主要功能

01Multi-layered testing patterns including SAST, DAST, SCA, and IAST

02Manual penetration testing and business logic assessment frameworks

03Security pipeline integration for automated CI/CD workflows

04OWASP Top 10 and API security validation guidance

057 GitHub stars

06Risk-based vulnerability triage and remediation prioritizing

使用场景

01Integrating automated security scanning into CI/CD pipelines for continuous protection.

02Validating authentication and authorization controls against industry standards like OWASP.

03Conducting comprehensive security audits of application source code and dependencies.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add nickcrew/claude-cortex security-testing-patterns

For use in Claude.ai and ChatGPT

Download Skill