From aj-geddes-useful-ai-prompts-4
Identifies security vulnerabilities through SAST, DAST, penetration testing, and dependency scanning. Covers OWASP Top 10, SQL injection, XSS, CSRF, and secrets detection.
How this skill is triggered — by the user, by Claude, or both
Slash command
/aj-geddes-useful-ai-prompts-4:security-testingThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
- [Overview](#overview)
references/authentication-authorization-testing.mdreferences/csrf-protection-testing.mdreferences/dependency-vulnerability-scanning.mdreferences/owasp-zap-dast.mdreferences/secrets-detection.mdreferences/security-headers-testing.mdreferences/sql-injection-testing.mdreferences/xss-testing.mdscripts/security-checklist.shSecurity testing identifies vulnerabilities, weaknesses, and threats in applications to ensure data protection, prevent unauthorized access, and maintain system integrity. It combines automated scanning (SAST, DAST) with manual penetration testing and code review.
Minimal working example:
# security_scan.py
from zapv2 import ZAPv2
import time
class SecurityScanner:
def __init__(self, target_url, api_key=None):
self.zap = ZAPv2(apikey=api_key, proxies={
'http': 'http://localhost:8080',
'https': 'http://localhost:8080'
})
self.target = target_url
def scan(self):
"""Run full security scan."""
print(f"Scanning {self.target}...")
# Spider the application
print("Spidering...")
scan_id = self.zap.spider.scan(self.target)
while int(self.zap.spider.status(scan_id)) < 100:
time.sleep(2)
print(f"Spider progress: {self.zap.spider.status(scan_id)}%")
# Active scan
print("Running active scan...")
// ... (see reference guides for full implementation)
Detailed implementations in the references/ directory:
| Guide | Contents |
|---|---|
| OWASP ZAP (DAST) | OWASP ZAP (DAST) |
| SQL Injection Testing | SQL Injection Testing |
| XSS Testing | XSS Testing |
| Authentication & Authorization Testing | Authentication & Authorization Testing |
| CSRF Protection Testing | CSRF Protection Testing |
| Dependency Vulnerability Scanning | Dependency Vulnerability Scanning |
| Security Headers Testing | Security Headers Testing |
| Secrets Detection | Secrets Detection |
npx claudepluginhub aj-geddes/useful-ai-promptsAutomates OWASP Top 10 vulnerability scans with Semgrep, ESLint-security, Bandit, dependency audits on JS/Python/Java codebases for security assessments and pen tests.
Guides security testing setups using Snyk/Trivy for dependency scans in GitHub Actions, Semgrep SAST, Gitleaks secrets scanning, OWASP ZAP DAST, SQLi/XSS test cases, and security headers validation. Use for CI/CD pipelines, vulnerability reviews, and OWASP Top 10 testing.
Scans web apps for security headers, SSL/CORS issues; audits npm/pip dependencies for vulnerabilities; analyzes code for secrets/injections using bandit.