Skill v1.0.1

currentLLM-judged scan95/100

aj-geddes/useful-ai-prompts/security-testing

12 files

──Details

PublishedMay 14, 2026 at 07:41 PM

Content Hashsha256:9d0848f1292040f8...

Git SHA3f5182cfd739

Bump Typepatch

Compare with v1.0.0

──Files

Files (1 file, 3.2 KB)

SKILL.md3.2 KBactive

SKILL.md · 106 lines · 3.2 KB

version: "1.0.1" name: security-testing description: > Identify security vulnerabilities through SAST, DAST, penetration testing, and dependency scanning. Use for security test, vulnerability scanning, OWASP, SQL injection, XSS, CSRF, and penetration testing.

Security Testing

Overview
When to Use
Quick Start
Reference Guides
Best Practices

Overview

Security testing identifies vulnerabilities, weaknesses, and threats in applications to ensure data protection, prevent unauthorized access, and maintain system integrity. It combines automated scanning (SAST, DAST) with manual penetration testing and code review.

When to Use

Testing for OWASP Top 10 vulnerabilities
Scanning dependencies for known vulnerabilities
Testing authentication and authorization
Validating input sanitization
Testing API security
Checking for sensitive data exposure
Validating security headers
Testing session management

Quick Start

Minimal working example:

python

# security_scan.py
from zapv2 import ZAPv2
import time
class SecurityScanner:
    def __init__(self, target_url, api_key=None):
        self.zap = ZAPv2(apikey=api_key, proxies={
            'http': 'http://localhost:8080',
            'https': 'http://localhost:8080'
        })
        self.target = target_url
    def scan(self):
        """Run full security scan."""
        print(f"Scanning {self.target}...")
        # Spider the application
        print("Spidering...")
        scan_id = self.zap.spider.scan(self.target)
        while int(self.zap.spider.status(scan_id)) < 100:
            time.sleep(2)
            print(f"Spider progress: {self.zap.spider.status(scan_id)}%")
        # Active scan
        print("Running active scan...")
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

Guide	Contents
OWASP ZAP (DAST)	OWASP ZAP (DAST)
SQL Injection Testing	SQL Injection Testing
XSS Testing	XSS Testing
Authentication & Authorization Testing	Authentication & Authorization Testing
CSRF Protection Testing	CSRF Protection Testing
Dependency Vulnerability Scanning	Dependency Vulnerability Scanning
Security Headers Testing	Security Headers Testing
Secrets Detection	Secrets Detection

Best Practices

✅ DO

Run security scans in CI/CD
Test with real attack vectors
Scan dependencies regularly
Use security headers
Implement rate limiting
Validate and sanitize all input
Use parameterized queries
Test authentication/authorization thoroughly

❌ DON'T

Store secrets in code
Trust user input
Expose detailed error messages
Skip dependency updates
Use default credentials
Ignore security warnings
Test only happy paths
Commit sensitive data

← v1.0.0 All versions