
Agent Skills with tag: web-application-security

15 skills match this tag. Use tags to discover related Agent Skills and explore similar workflows.

owasp-top-10

OWASP Top 10 web application security risks with detection patterns and fixes. Use when reviewing security vulnerabilities, authentication, authorization, or data handling.

OWASP, web-application-security, vulnerability-detection, authentication
MylesMCook
0

security

Web application security best practices including OWASP Top 10, authentication, authorization, input validation, cryptography, and secure coding patterns. Use when implementing security features, reviewing code for vulnerabilities, hardening applications, or fixing security issues.

web-application-security, OWASP, authentication, authorization
vapvarun
3

security-checklist

Use this skill when implementing security measures or conducting security audits. Provides OWASP Top 10 mitigations, authentication patterns, input validation strategies, and compliance guidelines. Ensures applications are secure against common vulnerabilities.

owasp, authentication, input-validation, compliance-audit
ArieGoldkin
7

security-patterns

Comprehensive OWASP security guidelines, secure coding patterns, vulnerability prevention strategies, and remediation best practices for building secure applications

web-application-security, owasp, secure-coding
bejranonda
1111

security-headers

Validate and implement HTTP security headers to protect web applications.

http, web-application-security, security-headers
CuriousLearner
163

ffuf-web-fuzzing

Expert guidance for ffuf web fuzzing during penetration testing, including authenticated fuzzing with raw requests, auto-calibration, and result analysis

fuzzing, penetration-testing, authentication-testing, web-application-security
danielmiessler
305

csrf-protection

Implement Cross-Site Request Forgery (CSRF) protection using tokens, SameSite cookies, and origin validation. Use when building forms and state-changing operations.

web-application-security, authentication, csrf, samesite-cookies
aj-geddes
301

security-testing

Identify security vulnerabilities through SAST, DAST, penetration testing, and dependency scanning. Use for security test, vulnerability scanning, OWASP, SQL injection, XSS, CSRF, and penetration testing.

static-analysis, penetration-testing, vulnerability-scanning, web-application-security
aj-geddes
301

security-headers-configuration

Configure HTTP security headers including CSP, HSTS, X-Frame-Options, and XSS protection. Use when hardening web applications against common attacks.

content-security-policy, xss, web-application-security, hsts
aj-geddes
301

waf-bypass-hunter

Bypass a Coraza WAF protecting a vulnerable Next.js 16 backend. Analyze parser differentials between Go (WAF) and Node.js (backend) to find bypasses.

web-application-security, exploit-development, vulnerability-assessment, waf-bypass
hacktron
739

security

OWASP security patterns, secrets management, security testing

OWASP, credentials-management, security-assessment, web-application-security
alinaqi
28724

Cross-Site Scripting and HTML Injection Testing

This skill should be used when the user asks to "test for XSS vulnerabilities", "perform cross-site scripting attacks", "identify HTML injection flaws", "exploit client-side injection vulnerabilities", "steal cookies via XSS", or "bypass content security policies". It provides comprehensive techniques for detecting, exploiting, and understanding XSS and HTML injection attack vectors in web applications.

web-application-security, xss, html-injection, penetration-testing
zebbern
2,951263

Burp Suite Web Application Testing

This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp Repeater", "analyze HTTP history", or "configure proxy for web testing". It provides comprehensive guidance for using Burp Suite's core features for web application security testing.

burp-suite, web-application-security, penetration-testing, http-interception
zebbern
2,951263

Security Scanning Tools

This skill should be used when the user asks to "perform vulnerability scanning", "scan networks for open ports", "assess web application security", "scan wireless networks", "detect malware", "check cloud security", or "evaluate system compliance". It provides comprehensive guidance on security scanning tools and methodologies.

vulnerability-scanning, network-scanning, web-application-security, malware-detection
zebbern
2,951263

HTML Injection Testing

This skill should be used when the user asks to "test for HTML injection", "inject HTML into web pages", "perform HTML injection attacks", "deface web applications", or "test content injection vulnerabilities". It provides comprehensive HTML injection attack techniques and testing methodologies.

html-injection, web-application-security, penetration-testing, content-injection
zebbern
2,951263