
top-web-vulnerabilities

Safe

Master Web Application Security Vulnerabilities

Learn to identify and remediate the 100 most critical web vulnerabilities. This systematic reference helps developers and security professionals understand attack vectors and implement proper defenses.

Supports: Claude Codex Code(CC)
🥉 73 Bronze
1. Download the skill ZIP
2. Import into Claude: go to Settings → Capabilities → Skills → Import a skill
3. Enable it and start using it

Test

Using "top-web-vulnerabilities". What is Command Injection and how do I prevent it?

Expected result:

Command Injection (#5, #11) occurs when unsanitized user input is concatenated into a command string that is handed to a system shell, so shell metacharacters in the input (`;`, `|`, `&&`, backticks, `$(...)`) let an attacker run arbitrary commands on the host. Impact: full system compromise, data exfiltration, lateral movement. Mitigation: avoid invoking a shell at all; call the program through an argument-vector API (one argv element per argument, no shell parsing) instead of building a command string; restrict the commands and arguments that may be run to an allowlist; validate input strictly against the format you expect (for example a hostname grammar) before using it; and run the child process with the least privilege it needs.
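The following is an added example, not code from the skill or its reference: it shows the same user-supplied host value handed to a shell-built command string versus an argument vector, a strict hostname check in front of both, and a view of how a POSIX shell would tokenise the injected string (without executing it). The sample inputs are constructed; the child process that echoes its argument stands in for the real tool so the block runs anywhere.

```python
"""Command injection: string-built shell command versus argv list, plus input validation."""
import re
import shlex
import subprocess
import sys

# Constructed sample inputs: a benign hostname and one carrying a shell metacharacter.
BENIGN_HOST = "example.com"
MALICIOUS_HOST = "example.com; id"

# RFC 1123 hostname grammar; anything that does not match is rejected before use.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def is_valid_hostname(host: str) -> bool:
    """First layer: only accept input that matches the expected format."""
    return bool(HOSTNAME_RE.match(host))


def vulnerable_command(host: str) -> str:
    """The classic bug: the value is pasted into a string that a shell will parse.
    (Returned rather than run; it would normally go to subprocess.run(..., shell=True).)"""
    return f"ping -c 1 {host}"


def shell_view(command: str) -> list:
    """Show how a POSIX shell tokenises the command string, without executing it.
    punctuation_chars=True makes ';', '|', '&' etc. stand alone as operators."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return list(lexer)


def safe_argv(host: str) -> list:
    """Second layer: build an argument vector. No shell ever parses it, so a
    metacharacter in the value stays inside one argv element."""
    if not is_valid_hostname(host):
        raise ValueError(f"rejected host: {host!r}")
    return ["ping", "-c", "1", host]


def argv_echo(value: str) -> str:
    """Run a child process with the value as a single argv element and return
    exactly what the child received. The interpreter is used as a stand-in
    tool so the demonstration works on any platform."""
    result = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", value],
        capture_output=True, text=True, check=True,
    )
    return result.stdout.rstrip("\n")


if __name__ == "__main__":
    print("shell would see:", shell_view(vulnerable_command(MALICIOUS_HOST)))
    print("argv child received:", repr(argv_echo(MALICIOUS_HOST)))
    print("validation accepts benign:", is_valid_hostname(BENIGN_HOST))
    print("validation accepts malicious:", is_valid_hostname(MALICIOUS_HOST))
```

The tokenised view makes the failure visible: the shell sees `id` as a second command, while the argv child receives the whole string, semicolon included, as one argument. Validation then rejects the value outright, which is the layer that also stops argument-injection tricks (a value starting with `-`) that an argv list alone does not.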

Using "top-web-vulnerabilities". List the authentication-related vulnerabilities I should test in my web app.

Expected result:

Key authentication vulnerabilities to test: Session Fixation (#14): verify that the session ID is regenerated on login and that an ID set before authentication is never promoted to an authenticated session. Brute Force (#15): check for per-account and per-source rate limiting and a lockout policy. Session Hijacking (#16): validate that tokens come from a CSPRNG with enough entropy, that HTTPS is enforced, and that session cookies carry the Secure, HttpOnly and SameSite attributes. Credential Stuffing (#22): test whether passwords are checked against breach lists and whether automated login attempts across many accounts are throttled. Insecure Remember Me (#85): analyze token strength and expiration, and confirm tokens are stored hashed and can be revoked. CAPTCHA Bypass (#86): verify that the challenge is validated server-side, that a solved token is single-use, and that bot detection is effective.
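As an added example (not the skill's own code), a minimal in-memory authentication layer shows three of the checks above as working logic: session ID regeneration on login (Session Fixation), per-account failure counting with lockout (Brute Force), and hashed, expiring, single-use remember-me tokens (Insecure Remember Me). The user store, salt, clock and timings are constructed for the demonstration; a production system would use a random salt per user and a slow hash tuned to its hardware.

```python
"""Session rotation, login lockout and hashed remember-me tokens (demo implementation)."""
import hashlib
import hmac
import secrets
import time

SALT = b"demo-salt"  # constructed; real code stores a random salt per user


def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


# Constructed user store: only password hashes are kept.
USERS = {"alice": hash_password("correct horse battery staple")}


class SessionStore:
    """Session IDs come from the OS CSPRNG (256 bits) and are rotated on login."""

    def __init__(self):
        self._sessions = {}  # session_id -> username or None

    def anonymous(self) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = None
        return sid

    def login(self, old_sid: str, user: str) -> str:
        # Drop the pre-authentication ID (possibly planted by an attacker) and
        # issue a fresh one, so a fixated ID never becomes an authenticated one.
        self._sessions.pop(old_sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = user
        return new_sid

    def user_for(self, sid: str):
        return self._sessions.get(sid)


class LoginGuard:
    """Counts failures per account and locks the account for a cooling-off period."""

    def __init__(self, max_attempts=5, lockout_seconds=900, clock=time.time):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._state = {}  # username -> (failure_count, locked_until)

    def attempt(self, sessions: SessionStore, sid: str, user: str, password: str):
        """Return (new_session_id, status); status is ok, bad-credentials or locked."""
        now = self.clock()
        failures, locked_until = self._state.get(user, (0, 0.0))
        if now < locked_until:
            return None, "locked"
        # Hash even for unknown users so the response time does not reveal existence.
        expected = USERS.get(user, b"")
        if hmac.compare_digest(expected, hash_password(password)):
            self._state.pop(user, None)
            return sessions.login(sid, user), "ok"
        failures += 1
        if failures >= self.max_attempts:
            self._state[user] = (0, now + self.lockout_seconds)
            return None, "locked"
        self._state[user] = (failures, 0.0)
        return None, "bad-credentials"


class RememberMe:
    """The raw token goes to the client once; the server keeps only its hash with
    an expiry, and each token is single-use so a stolen copy is detectable."""

    def __init__(self, ttl_seconds=30 * 86400, clock=time.time):
        self.ttl_seconds, self.clock = ttl_seconds, clock
        self._tokens = {}  # sha256(token) -> (username, expires_at)

    def issue(self, user: str) -> str:
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._tokens[digest] = (user, self.clock() + self.ttl_seconds)
        return token

    def redeem(self, token: str):
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._tokens.pop(digest, None)  # consumed whether or not it is valid
        if entry is None or entry[1] < self.clock():
            return None
        return entry[0]


if __name__ == "__main__":
    store, guard = SessionStore(), LoginGuard(max_attempts=3)
    sid = store.anonymous()
    new_sid, status = guard.attempt(store, sid, "alice", "correct horse battery staple")
    print(status, "rotated:", new_sid != sid, "old still valid:", store.user_for(sid) is not None)
```

A test for fixation is simply: start a session, authenticate, and check that the ID changed and the old ID no longer resolves to the user. The lockout counter is keyed by account rather than by source address, which is what defeats a distributed brute-force attempt; pair it with per-source limits so an attacker cannot lock victims out at will.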

Using "top-web-vulnerabilities". What security headers should every web application implement?

Expected result:

Critical security headers from the reference: Content-Security-Policy (restricts where scripts, styles and other resources may load from; its frame-ancestors directive is the modern replacement for X-Frame-Options), X-Content-Type-Options: nosniff (prevents MIME sniffing), X-Frame-Options: DENY (blocks clickjacking in browsers that predate frame-ancestors), Strict-Transport-Security (enforces HTTPS for the stated max-age), Referrer-Policy (controls what referrer information is sent), Permissions-Policy (restricts browser features such as camera and geolocation). The reference also lists X-XSS-Protection (browser XSS filtering); note that this filter has been removed from Chromium-based browsers and was never in Firefox, and in older browsers its blocking mode could be abused for cross-site leaks, so current guidance is to set it to 0 or omit it and rely on CSP instead.
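As an added example, not part of the skill, the function below audits a response's headers against the list above: it reports missing headers, weak values (a short HSTS max-age, an unsupported X-Frame-Options value, a CSP that permits inline scripts without nonces or hashes) and the deprecated X-XSS-Protection header. The recommended values are illustrative, and both sample responses are constructed.

```python
"""Audit HTTP response headers against a baseline security-header policy."""
import re

# Illustrative values for a strict policy; a real CSP is tuned to the application.
RECOMMENDED = {
    "content-security-policy": "default-src 'self'; frame-ancestors 'none'",
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY",
    "strict-transport-security": "max-age=63072000; includeSubDomains",
    "referrer-policy": "strict-origin-when-cross-origin",
    "permissions-policy": "camera=(), microphone=(), geolocation=()",
}
MIN_HSTS_AGE = 31_536_000  # one year, the usual minimum for preload eligibility


def audit_headers(headers: dict) -> list:
    """Return human-readable findings; an empty list means every check passed."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    for name, example in RECOMMENDED.items():
        if name not in h:
            findings.append(f"missing {name} (example: {example})")
    csp = h.get("content-security-policy", "")
    if "'unsafe-inline'" in csp and "nonce-" not in csp and "sha256-" not in csp:
        findings.append("content-security-policy allows 'unsafe-inline' without nonces or hashes")
    if "x-content-type-options" in h and h["x-content-type-options"].lower() != "nosniff":
        findings.append("x-content-type-options must be exactly 'nosniff'")
    xfo = h.get("x-frame-options", "").upper()
    if xfo and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("x-frame-options must be DENY or SAMEORIGIN (ALLOW-FROM is unsupported)")
    hsts = h.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r"max-age=(\d+)", hsts)
        if m is None or int(m.group(1)) < MIN_HSTS_AGE:
            findings.append(f"strict-transport-security max-age should be at least {MIN_HSTS_AGE}")
    xss = h.get("x-xss-protection")
    if xss is not None and xss != "0":
        findings.append("x-xss-protection is deprecated (filter removed from Chromium; blocking "
                        "mode was abusable for cross-site leaks): set it to 0 or remove it")
    return findings


# Constructed responses: one hardened, one with common weaknesses.
GOOD_RESPONSE = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-abc123'; "
                               "frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
}
WEAK_RESPONSE = {
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "ALLOW-FROM https://partner.example",
    "Strict-Transport-Security": "max-age=300",
    "X-XSS-Protection": "1; mode=block",
}

if __name__ == "__main__":
    for label, response in (("good", GOOD_RESPONSE), ("weak", WEAK_RESPONSE)):
        print(label, audit_headers(response) or ["no findings"])
```

Run it over the headers returned by a real request (for example the dict from `requests.head(url).headers`) to get the same findings list; the checks are deliberately conservative, so a clean result is a starting point for manual CSP review rather than a pass.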

Security audit

Safe
v1 • 2/25/2026

All 33 static analysis findings are false positives. The skill is educational documentation describing vulnerabilities and security concepts, not implementing them. Detected patterns (weak crypto, reconnaissance, external commands) appear in vulnerability descriptions and mitigation examples as teaching content. The skill provides defensive security guidance with no executable code.

Files analyzed: 1
Lines analyzed: 549
Findings: 0
Total audits: 1
No security issues found
Audited by: claude

Quality score

Architecture: 38
Maintainability: 90
Content: 87
Community: 50
Security: 100
Specification compliance: 96

What you can build

Security Audit Preparation

Review vulnerability categories and create comprehensive testing checklists before conducting penetration tests or security audits.

Secure Code Review

Reference specific vulnerability patterns while reviewing code to identify potential security flaws during development.

Threat Modeling Support

Use vulnerability categories to systematically identify attack vectors during application design and architecture phases.

Try these prompts

Identify Vulnerability Type
I found a security issue where user input is not validated before being used in a database query. What vulnerability type is this, and what are the risks and mitigations?
Generate Test Cases
For a login form, what authentication-related vulnerabilities from the reference should I test for? List specific attack vectors to verify.
Remediation Guidance
Our application stores user passwords without hashing. What vulnerability is this? Explain the attack scenarios and provide step-by-step mitigation strategies.
Comprehensive Assessment
Review our e-commerce application for API security vulnerabilities. Check for issues #48-51 and #75 from the reference. Report findings with risk levels and remediation steps.

Best practices

  • Always use parameterized queries and prepared statements to prevent injection attacks
  • Implement defense in depth with multiple security controls including WAF, input validation, and output encoding
  • Keep dependencies and systems patched with a formal vulnerability management program
  • Enforce strong authentication with MFA, secure session management, and proper authorization checks

Avoid

  • Relying solely on automated scanners without manual verification and business logic testing
  • Applying security controls inconsistently across different application components or environments
  • Treating security as a one-time assessment instead of continuous integration into the development lifecycle
  • Assuming client-side validation is sufficient without server-side enforcement

Frequently asked questions

Does this skill scan my application for vulnerabilities?
No, this is a reference guide that helps you understand vulnerabilities and manual testing techniques. It does not perform automated scanning or execute security tests.
How current is the vulnerability information?
The reference covers established vulnerability types aligned with OWASP and industry standards. New vulnerabilities emerge regularly, so use this as a foundation and supplement with current threat intelligence.
Can this skill replace professional security testing?
No. This reference supports security awareness and testing preparation, but does not replace comprehensive penetration testing, code review by security experts, or formal security assessments.
What is the difference between vulnerabilities #98-100?
#98 and #99 cover known, publicly disclosed vulnerabilities that remain unpatched in a deployment, which attackers can exploit using public information. #100 covers zero-day exploits: vulnerabilities not yet known to the vendor, for which no patch exists, so they can only be contained through defense-in-depth strategies.
Should I test all 100 vulnerabilities?
Focus on vulnerabilities relevant to your technology stack and application features. Use the category structure to prioritize testing based on your threat model and risk assessment.
How do I verify if a vulnerability is actually exploitable?
Use the verification techniques table in the reference. Each vulnerability type has specific testing approaches such as payload variants for injection, out-of-band callbacks for SSRF, or privilege testing for access control issues.

Developer details

File structure

📄 SKILL.md