
laravel-security-audit

Safe

Audit Laravel Apps for Security Vulnerabilities

Laravel developers need to ensure their applications follow security best practices. This skill provides comprehensive security auditing using OWASP standards and Laravel-specific security knowledge.

Supports: Claude Codex Code (CC)
Bronze, score 74

Installation:

  1. Download the skill ZIP
  2. Import it into Claude: go to Settings → Capabilities → Skills → Import a skill
  3. Enable it and start using it

Test

Using "laravel-security-audit": Review a Laravel controller that fetches user posts by ID

Expected result:

  • Issue: Missing Authorization Check
  • Risk: High
  • Problem: The controller fetches a post by ID without verifying ownership or user permissions.
  • Exploit: An authenticated user can access another user's post by changing the ID parameter.
  • Fix: Add policy check or scope the query to the authenticated user's posts.
  • Example: Post::where('user_id', auth()->id())->findOrFail($id)

Using "laravel-security-audit": Review file upload validation logic

Expected result:

  • Issue: Insufficient File Type Validation
  • Risk: Medium
  • Problem: Only the file extension is checked; MIME type validation is missing.
  • Exploit: Attacker could upload a PHP file disguised as an image.
  • Fix: Use Laravel's mimes/mimetypes validation rules (which inspect the file contents rather than the client-supplied extension) and store uploads outside the public directory.
  • Example: $request->validate(['avatar' => 'file|mimes:jpg,png|max:2048'])

Security audit

Safe
v1 • 2/25/2026

All static analysis findings are false positives. This is an educational/documentation skill containing prompt instructions for security auditing, not executable code. The detected patterns (external_commands, network, env_access) are references to security concepts being taught, not actual vulnerable code. No security risks identified.

  • 1 file analyzed
  • 224 lines analyzed
  • 0 findings
  • 1 audit in total
  • No security issues found
  • Audited by: claude

Quality score

  • 38 Architecture
  • 100 Maintainability
  • 87 Content
  • 50 Community
  • 100 Security
  • 91 Specification compliance

What you can build

Pre-Deployment Security Review

Review Laravel application code before deploying to production to identify security vulnerabilities.

Code Review Assistance

Integrate security analysis into pull request reviews to catch vulnerabilities early.

Legacy Code Audit

Assess existing Laravel applications for security debt and misconfigurations.

Try these prompts

Basic Security Check
  Review this Laravel controller for security vulnerabilities. Check for proper authorization, input validation, and common OWASP issues.

Full Application Audit
  Perform a comprehensive security audit of this Laravel application. Analyze authentication, authorization, input validation, database queries, file uploads, and API security. Classify each finding by risk level.

Authentication Flow Review
  Audit the authentication implementation in this Laravel application. Check password hashing, session management, token handling, and Sanctum/JWT configuration for security issues.

API Security Assessment
  Evaluate the API endpoints in this Laravel application for security vulnerabilities. Check rate limiting, authorization, input validation, response sanitization, and mass assignment protection.

Best practices

  • Always use FormRequest classes for input validation and authorization
  • Apply the principle of least privilege for database and file system access
  • Enable rate limiting on all public API endpoints to prevent abuse

Avoid

  • Using request()->all() without validation in create or update operations
  • Checking authorization only in controllers without policy enforcement
  • Storing uploaded files in publicly accessible directories without validation

Frequently asked questions

What Laravel versions does this skill support?
This skill is designed for Laravel 10 and 11+ applications but can audit older versions with knowledge of version-specific security features.
Can this skill scan my entire codebase automatically?
The skill analyzes code files you provide. For large codebases, provide key files like controllers, models, and middleware for focused security review.
Does this replace penetration testing?
No. This skill provides static code analysis and security guidance. It complements but does not replace professional penetration testing or dynamic security scans.
What OWASP categories does this cover?
Coverage includes Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities, Broken Access Control, Security Misconfiguration, XSS, Insecure Deserialization, and Known Vulnerabilities.
Can this skill fix vulnerabilities automatically?
The skill identifies vulnerabilities and provides secure code examples. You must manually review and implement the recommended fixes in your codebase.
Is my code shared or stored when using this skill?
Code analysis happens within your session. However, avoid sharing sensitive credentials, API keys, or production secrets in any code snippets.

Developer details

File structure

  • SKILL.md