スキル Top 100 Web Vulnerabilities Reference
🛡️

Top 100 Web Vulnerabilities Reference

安全

Master Web Vulnerability Assessment with OWASP Reference

Security professionals struggle to keep track of the full spectrum of web application vulnerabilities. This comprehensive reference provides 100 categorized vulnerabilities with clear definitions, root causes, and actionable mitigations.

対応: Claude Codex Code(CC)
📊 71 十分
1

スキルZIPをダウンロード

2

Claudeでアップロード

設定 → 機能 → スキル → スキルをアップロードへ移動

3

オンにして利用開始

テストする

「Top 100 Web Vulnerabilities Reference」を使用しています。 What is Server-Side Request Forgery and how do I test for it?

期待される結果:

SSRF allows attackers to make requests from your server to internal resources. Test by: (1) Identifying URL parameters, (2) Attempting internal IP addresses (127.0.0.1, 169.254.169.254 for cloud metadata), (3) Using out-of-band DNS callbacks to confirm. Mitigate with URL allowlists, egress filtering, and network segmentation.

「Top 100 Web Vulnerabilities Reference」を使用しています。 Give me a checklist for testing authentication vulnerabilities.

期待される結果:

Authentication Testing Checklist: [ ] Session fixation - check session ID regeneration on login, [ ] Brute force - test account lockout and rate limiting, [ ] Credential stuffing - verify breach password detection, [ ] Session hijacking - validate token randomness and HTTPS enforcement, [ ] Remember me tokens - assess predictability and expiration, [ ] CAPTCHA bypass - test automated submission resistance.

セキュリティ監査

安全
v1 • 2/25/2026

This skill is purely educational documentation about web security vulnerabilities. All 32 static analysis findings are false positives - the detected patterns appear in markdown code blocks and vulnerability descriptions, not executable code. The file contains no actual security risks and is safe for publication.

1
スキャンされたファイル
544
解析された行数
0
検出結果
1
総監査数
セキュリティ問題は見つかりませんでした
監査者: claude

品質スコア

38
アーキテクチャ
90
保守性
87
コンテンツ
50
コミュニティ
100
セキュリティ
78
仕様準拠

作れるもの

Security Assessment Planning

Use the vulnerability reference to build comprehensive testing checklists for web application security assessments, ensuring coverage across all major vulnerability categories.

Developer Security Training

Educate development teams on common vulnerability patterns, their root causes, and secure coding practices to prevent security flaws during development.

Incident Response Analysis

Reference vulnerability definitions and attack vectors when investigating security incidents to understand potential exploitation methods and scope.

これらのプロンプトを試す

Beginner: Explain a Specific Vulnerability 
Explain the SQL Injection vulnerability including its definition, root cause, typical impact, and recommended mitigations. Provide a simple example of how the attack works.
Intermediate: Compare Related Vulnerabilities 
Compare and contrast XSS, CSRF, and clickjacking attacks. Explain how each works, what makes them different, and what specific defenses protect against each one.
Advanced: Build Testing Checklist 
Create a comprehensive vulnerability testing checklist for an API security assessment. Include test cases for authentication flaws, injection vulnerabilities, rate limiting, and data exposure risks.
Expert: Map Vulnerabilities to Framework 
Map all authentication-related vulnerabilities from the reference to the OWASP Top 10 2021 categories. For each mapping, explain the relationship and identify any gaps in coverage.

ベストプラクティス

  • Always verify vulnerability findings manually - automated scanners produce false positives
  • Adapt mitigation recommendations to your specific technology stack and architecture
  • Use the OWASP mapping to prioritize remediation based on industry-recognized risk rankings

回避

  • Applying mitigations without understanding the underlying root cause
  • Relying solely on automated scanning without manual verification
  • Implementing security controls inconsistently across application endpoints

よくある質問

How does this reference align with OWASP Top 10?
The 100 vulnerabilities are organized into 15 categories that map directly to OWASP Top 10 2021. Each vulnerability entry includes its corresponding OWASP category, enabling you to prioritize based on the official rankings.
Can this skill perform actual vulnerability scanning?
No. This skill provides educational reference content about vulnerability definitions, attack vectors, and mitigations. It does not execute security scans or interact with target applications.
How do I use this for my specific technology stack?
Use the vulnerability definitions to understand the attack pattern, then adapt the general mitigation strategies to your frameworks and languages. The root cause explanations help identify where in your stack the vulnerability might occur.
What is the difference between high_findings and critical_findings?
Critical findings indicate confirmed malicious patterns that pose immediate exploitation risk. High findings represent significant vulnerabilities requiring urgent attention but with slightly lower immediate impact than critical issues.
How often should I reference this during security assessments?
Reference this throughout the assessment lifecycle: during planning to build checklists, during testing to verify findings, and during reporting to provide accurate vulnerability descriptions and remediation guidance.
Does this cover mobile and IoT security vulnerabilities?
Yes. Phase 14 covers 9 mobile and IoT-specific vulnerabilities including insecure storage, transmission flaws, API weaknesses, reverse engineering risks, and device management issues.

開発者の詳細

作成者

zebbern

ライセンス

MIT

リポジトリ

https://github.com/sickn33/antigravity-awesome-skills/tree/main/web-app/public/skills/top-web-vulnerabilities

参照

main

ファイル構成

📄 SKILL.md