Prerequisites
Before using this skill, ensure you have:
- Target application or API endpoint URLs accessible for testing
- Authentication credentials if testing protected resources
- Appropriate authorization to perform security testing on the target system
- Test environment configured (avoid production without explicit approval)
- Security testing tools installed (OWASP ZAP, sqlmap, or equivalent)
Instructions
Step 1: Define Test Scope
Identify the security testing parameters:
- Target URLs and endpoints to scan
- Authentication requirements and test credentials
- Specific vulnerability types to focus on (OWASP Top 10, injection, XSS, etc.)
- Testing depth level (passive scan vs. active exploitation)
Step 2: Execute Security Scan
Run automated vulnerability detection:
- Use Read tool to analyze application structure and identify entry points
- Execute security testing tools via Bash(test:security-*) with proper scope
- Monitor scan progress and capture all findings
- Document identified vulnerabilities with severity ratings
Step 3: Analyze Vulnerabilities
Process scan results to identify:
- SQL injection vulnerabilities in database queries
- Cross-Site Scripting (XSS) in user input fields
- Cross-Site Request Forgery (CSRF) token weaknesses
- Authentication and authorization bypass opportunities
- Security misconfigurations and exposed sensitive data
Step 4: Generate Security Report
Create comprehensive documentation in {baseDir}/security-reports/:
- Executive summary with risk overview
- Detailed vulnerability findings with CVSS scores
- Proof-of-concept exploit examples where applicable
- Prioritized remediation recommendations
- Compliance assessment against security standards
Output
The skill generates structured security assessment reports:
Vulnerability Summary
- Total vulnerabilities discovered by severity (Critical, High, Medium, Low)
- OWASP Top 10 category mapping for each finding
- Attack surface analysis showing exposed endpoints
Detailed Findings
Each vulnerability includes:
- Unique identifier and CVSS score
- Affected URLs, parameters, and HTTP methods
- Technical description of the security weakness
- Proof-of-concept demonstration or reproduction steps
- Potential impact on confidentiality, integrity, and availability
Remediation Guidance
- Specific code fixes or configuration changes required
- Secure coding best practices to prevent recurrence
- Priority recommendations based on risk and effort
- Verification testing procedures after remediation
Compliance Assessment
- Alignment with OWASP Application Security Verification Standard (ASVS)
- PCI DSS requirements if applicable to payment processing
- General Data Protection Regulation (GDPR) security considerations
Error Handling
Common issues and solutions:
Access Denied
- Error: HTTP 403 or authentication failures during scan
- Solution: Verify credentials are valid and have sufficient permissions; use provided test accounts
Rate Limiting
- Error: Too many requests blocked by WAF or rate limiter
- Solution: Configure scan throttling to reduce request rate; use authenticated sessions to increase limits
False Positives
- Error: Reported vulnerabilities that cannot be exploited
- Solution: Manually verify each finding; adjust scanner sensitivity; whitelist known safe patterns
Tool Installation Missing
- Error: Security testing tools not found on system
- Solution: Install required tools using Bash(test:security-install) with package manager
Resources
Security Testing Tools
- OWASP ZAP for automated vulnerability scanning
- Burp Suite for manual penetration testing
- sqlmap for SQL injection detection and exploitation
- Nikto for web server vulnerability scanning
Vulnerability Databases
- Common Vulnerabilities and Exposures (CVE) database
- National Vulnerability Database (NVD) for CVSS scoring
- OWASP Top 10 documentation and remediation guides
Secure Coding Guidelines
- OWASP Secure Coding Practices checklist
- CWE (Common Weakness Enumeration) catalog
- SANS Top 25 Most Dangerous Software Errors
Best Practices
- Always test in non-production environments first
- Obtain written authorization before security testing
- Document all testing activities for audit trails
- Validate remediation effectiveness with regression testing