MCP Hub

security-testing

proffesor-for-testing
Updated: today
View on GitHub
Category: Other. Tags: security, owasp, sast, dast, vulnerabilities, auth, injection

About

This Claude Skill systematically tests for security vulnerabilities using OWASP principles, including scanning for injection attacks and validating authentication. It's designed for use during security audits, implementing security practices, or testing authorization. Key capabilities include checking for the OWASP Top 10, dependency vulnerabilities, and exposed secrets.

Quick install

Claude Code (recommended)

Plugin command (recommended):
/plugin add https://github.com/proffesor-for-testing/agentic-qe

Git clone alternative:
git clone https://github.com/proffesor-for-testing/agentic-qe.git ~/.claude/skills/security-testing

Copy and paste the command into Claude Code to install the skill.

Skill documentation

Security Testing

<default_to_action> When testing security or conducting audits:

  1. TEST OWASP Top 10 vulnerabilities systematically
  2. VALIDATE authentication and authorization on every endpoint
  3. SCAN dependencies for known vulnerabilities (npm audit)
  4. CHECK for injection attacks (SQL, XSS, command)
  5. VERIFY secrets aren't exposed in code/logs

Quick Security Checks:

  • Access control → Test horizontal/vertical privilege escalation
  • Crypto → Verify password hashing, HTTPS, no sensitive data exposed
  • Injection → Test SQL injection, XSS, command injection
  • Auth → Test weak passwords, session fixation, MFA enforcement
  • Config → Check error messages don't leak info

Critical Success Factors:

  • Think like an attacker, build like a defender
  • Security is built in, not added at the end
  • Test continuously in CI/CD, not just before release </default_to_action>

Quick Reference Card

When to Use

  • Security audits and penetration testing
  • Testing authentication/authorization
  • Validating input sanitization
  • Reviewing security configuration

OWASP Top 10 (2021)

#    Vulnerability                                  Key Test
1    Broken Access Control                          User A accessing User B's data
2    Cryptographic Failures                         Plaintext passwords, HTTP
3    Injection                                      SQL/XSS/command injection
4    Insecure Design                                Rate limiting, session timeout
5    Security Misconfiguration                      Verbose errors, exposed /admin
6    Vulnerable and Outdated Components             npm audit, outdated packages
7    Identification and Authentication Failures     Weak passwords, no MFA
8    Software and Data Integrity Failures           Unsigned updates, malware
9    Security Logging and Monitoring Failures       No audit trail for breaches
10   Server-Side Request Forgery (SSRF)             Server fetching internal URLs

Tools

Type           Tool                      Purpose
SAST           SonarQube, Semgrep        Static code analysis
DAST           OWASP ZAP, Burp           Dynamic scanning
Dependencies   npm audit, Snyk           Dependency vulnerabilities
Secrets        git-secrets, TruffleHog   Secret scanning

Agent Coordination

  • qe-security-scanner: Multi-layer SAST/DAST scanning
  • qe-api-contract-validator: API security testing
  • qe-quality-analyzer: Security code review

Key Vulnerability Tests

1. Broken Access Control

// Horizontal escalation - User A accessing User B's data
test('user cannot access another user\'s order', async () => {
  const userAToken = await login('userA');
  const userBOrder = await createOrder('userB');

  const response = await api.get(`/orders/${userBOrder.id}`, {
    headers: { Authorization: `Bearer ${userAToken}` }
  });
  expect(response.status).toBe(403);
});

// Vertical escalation - Regular user accessing admin
test('regular user cannot access admin', async () => {
  const userToken = await login('regularUser');
  expect((await api.get('/admin/users', {
    headers: { Authorization: `Bearer ${userToken}` }
  })).status).toBe(403);
});
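The server-side rule these two tests exercise, as an added example that is not the agentic-qe project's own code: a deny-by-default authorization check consulted on every request. The users, orders, action names and policy table are constructed for illustration; the status mapping (401 without identity, 403 for everything the caller may not do, including order ids that do not exist) is an assumed convention, chosen so that a probe cannot tell someone else's order from a missing one.

```javascript
// Added example (not from agentic-qe): deny-by-default authorization.
// Users, orders and the policy table below are constructed sample data.
const users = {
  userA:  { id: 'userA',  role: 'user' },
  userB:  { id: 'userB',  role: 'user' },
  admin1: { id: 'admin1', role: 'admin' },
};
const orders = {
  'ord-1': { id: 'ord-1', ownerId: 'userA', total: 40 },
  'ord-2': { id: 'ord-2', ownerId: 'userB', total: 75 },
};

// Policy table: an action is permitted only by the rules listed for it.
// 'owner' = caller must own the resource, 'admin' = caller must be an admin.
// Actions missing from the table are denied, so a new endpoint stays closed
// until someone deliberately opens it.
const policy = {
  'order:read':   ['owner', 'admin'],
  'order:cancel': ['owner'],
  'user:list':    ['admin'],
};

// Returns { allowed, status }: 401 when there is no identity, 403 otherwise.
// A resource that does not exist and a resource owned by someone else both
// yield 403, so the response does not reveal which order ids exist.
function authorize(user, action, resource) {
  if (!user) return { allowed: false, status: 401 };
  const rules = policy[action] || [];
  if (rules.includes('admin') && user.role === 'admin') return { allowed: true, status: 200 };
  if (rules.includes('owner') && resource && resource.ownerId === user.id) return { allowed: true, status: 200 };
  return { allowed: false, status: 403 };
}

// Handlers call authorize() before touching data, on every request.
function getOrder(user, orderId) {
  const order = orders[orderId];
  const verdict = authorize(user, 'order:read', order);
  if (!verdict.allowed) return { status: verdict.status };
  return order ? { status: 200, body: order } : { status: 404 }; // only admins reach this 404
}

function listUsers(user) {
  const verdict = authorize(user, 'user:list');
  if (!verdict.allowed) return { status: verdict.status };
  return { status: 200, body: Object.values(users).map((u) => u.id) };
}
```

The page's two tests map directly onto getOrder(users.userA, 'ord-2') and listUsers(users.userB), both of which return 403; the table-driven shape is what makes "check authorization on every request" auditable, because a handler with no policy entry cannot succeed by accident.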

2. Injection Attacks

// SQL Injection - a quote in the search term must not widen the query
test('prevents SQL injection', async () => {
  // No product name contains either string, so a parameterized query
  // returns nothing; a concatenated one returns the catalogue or a 500.
  const payloads = ["' OR '1'='1", "' OR 1=1 --"];
  for (const payload of payloads) {
    const response = await api.get(`/products?search=${encodeURIComponent(payload)}`);
    expect(response.status).toBe(200);
    expect(response.body).toHaveLength(0);
  }
});

// XSS
test('sanitizes HTML output', async () => {
  const xss = '<script>alert("XSS")</script>';
  await api.post('/comments', { text: xss });

  const html = (await api.get('/comments')).body;
  expect(html).toContain('&lt;script&gt;');
  expect(html).not.toContain('<script>');
});
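The server-side counterparts of the two tests above, as an added example that is not code from the agentic-qe project: the concatenated query that the SQL payload breaks beside its parameterized form, and HTML encoding applied where comments are rendered rather than where they are stored. The table, column and handler names are constructed; the `$1` placeholder is node-postgres style and only illustrates that the term is bound, not spliced.

```javascript
// Added example (not from agentic-qe): server-side side of the injection tests.
// Table, column and handler names are constructed for illustration.

// --- SQL: concatenation vs. bound parameters ---

// Vulnerable: the search term is spliced into the SQL text. With the page's
// payload "' OR '1'='1" the quote closes the literal early and the clause
// becomes  name LIKE '%' OR '1'='1%'  where LIKE '%' matches every row.
function buildProductQueryUnsafe(search) {
  return { text: `SELECT id, name FROM products WHERE name LIKE '%${search}%'`, values: [] };
}

// Fixed: the SQL text is constant and the term travels as a bound parameter
// ($1 in node-postgres placeholder style), so it can only ever be data.
function buildProductQuerySafe(search) {
  return { text: 'SELECT id, name FROM products WHERE name LIKE $1', values: [`%${search}%`] };
}

// --- XSS: encode at the output boundary ---

// Escapes the characters that can change HTML context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Comments are stored as submitted (validated for type and length only) and
// encoded when rendered as HTML; a JSON API would return the raw text.
const comments = [];
function postComment(text) {
  if (typeof text !== 'string' || text.length === 0 || text.length > 2000) {
    return { status: 400 };
  }
  comments.push({ text });
  return { status: 201 };
}
function renderCommentsHtml() {
  return '<ul>' + comments.map((c) => `<li>${escapeHtml(c.text)}</li>`).join('') + '</ul>';
}
```

Encoding at output rather than on input is deliberate: the same stored comment may later be emitted into JSON, a JavaScript string or an HTML attribute, and each context needs its own encoder; stripping or "sanitizing" once on the way in cannot be correct for all of them.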

3. Cryptographic Failures

test('passwords are hashed', async () => {
  await db.users.create({ email: '[email protected]', password: 'MyPassword123' });
  const user = await db.users.findByEmail('[email protected]');

  expect(user.password).not.toBe('MyPassword123');
  expect(user.password).toMatch(/^\$2[aby]\$\d{2}\$/); // bcrypt
});

test('no sensitive data in API response', async () => {
  const response = await api.get('/users/me');
  expect(response.body).not.toHaveProperty('password');
  expect(response.body).not.toHaveProperty('ssn');
});

4. Security Misconfiguration

test('errors don\'t leak sensitive info', async () => {
  const response = await api.post('/login', { email: '[email protected]', password: 'wrong' });
  expect(response.body.error).toBe('Invalid credentials'); // Generic message
});

test('sensitive endpoints not exposed', async () => {
  // Unauthenticated probes through the same client the other tests use;
  // /.git/HEAD is added because many servers redirect or deny /.git itself
  const endpoints = ['/debug', '/.env', '/.git', '/.git/HEAD', '/admin'];
  for (const ep of endpoints) {
    const response = await api.get(ep);
    expect(response.status).not.toBe(200);
  }
});

5. Rate Limiting

test('rate limiting prevents brute force', async () => {
  const responses = [];
  for (let i = 0; i < 20; i++) {
    responses.push(await api.post('/login', { email: '[email protected]', password: 'wrong' }));
  }
  expect(responses.filter(r => r.status === 429).length).toBeGreaterThan(0);
});
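The server-side rule the test above expects, as an added example that is not the agentic-qe project's code, covering both "Rate limiting" and the checklist's "Account lockout after failed attempts": a per-IP fixed window that answers 429, and a per-account failure counter that locks the account for a period. The limits, the lock duration and the in-memory maps are assumptions for illustration (a real deployment keeps these counters in a shared store); the clock is injectable so the behaviour can be tested without waiting.

```javascript
// Added example (not from agentic-qe): login rate limit plus account lockout.
// Thresholds and the in-memory stores are illustrative assumptions.
const WINDOW_MS = 60_000;        // per-IP fixed window
const MAX_PER_WINDOW = 10;       // login attempts per IP per window
const LOCK_AFTER = 5;            // consecutive failures before lockout
const LOCK_MS = 15 * 60_000;     // lockout duration

function createLoginGuard(now = () => Date.now()) {
  const ipWindows = new Map();   // ip    -> { start, count }
  const failures = new Map();    // email -> { count, lockedUntil }

  // Counts every attempt, successful or not, so a slow credential-stuffing
  // run cannot stay under the limit by mixing in valid logins.
  function checkRate(ip) {
    const t = now();
    let w = ipWindows.get(ip);
    if (!w || t - w.start >= WINDOW_MS) {
      w = { start: t, count: 0 };
      ipWindows.set(ip, w);
    }
    w.count += 1;
    return w.count <= MAX_PER_WINDOW;
  }

  function isLocked(email) {
    const f = failures.get(email);
    return Boolean(f) && f.lockedUntil > now();
  }

  function recordFailure(email) {
    const f = failures.get(email) || { count: 0, lockedUntil: 0 };
    f.count += 1;
    if (f.count >= LOCK_AFTER) {
      f.lockedUntil = now() + LOCK_MS;
      f.count = 0;
    }
    failures.set(email, f);
  }

  // Returns the HTTP status a login attempt should receive. A locked account
  // gets the same 401 as a wrong password: a distinct status would confirm to
  // the attacker that the account exists and that the lockout was triggered.
  function attemptLogin(ip, email, passwordOk) {
    if (!checkRate(ip)) return 429;
    if (isLocked(email)) return 401;
    if (!passwordOk) {
      recordFailure(email);
      return 401;
    }
    failures.delete(email);     // success resets the failure streak
    return 200;
  }

  return { attemptLogin, isLocked };
}
```

With these numbers the page's 20-attempt loop from one address sees ten 401s followed by ten 429s, and the targeted account is locked after the fifth wrong password, so even the attempts that are under the IP limit stop being useful to a brute-force client.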

Security Checklist

Authentication

  • Strong password requirements (12+ chars)
  • Password hashing (bcrypt, scrypt, Argon2)
  • MFA for sensitive operations
  • Account lockout after failed attempts
  • Session ID changes after login
  • Session timeout

Authorization

  • Check authorization on every request
  • Least privilege principle
  • No horizontal escalation
  • No vertical escalation

Data Protection

  • HTTPS everywhere
  • Encrypted at rest
  • Secrets not in code/logs
  • PII compliance (GDPR)

Input Validation

  • Server-side validation
  • Parameterized queries (no SQL injection)
  • Output encoding (no XSS)
  • Rate limiting

CI/CD Integration

# GitHub Actions (job excerpt; runs-on and checkout added so it runs as written)
security-checks:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4
      with:
        fetch-depth: 0   # full history so the secret scan covers past commits

    - name: Dependency audit
      run: npm audit --audit-level=high

    - name: SAST scan
      run: npm run sast   # project script (for example a Semgrep wrapper)

    - name: Secret scan
      uses: trufflesecurity/trufflehog@main
      with:
        path: ./

    - name: DAST scan
      if: github.ref == 'refs/heads/main'
      # owasp/zap2docker-stable is the legacy image name; ZAP now publishes
      # ghcr.io/zaproxy/zaproxy:stable. zap-baseline.py exits non-zero on WARN
      # as well as FAIL; add -I if warnings should not fail the job.
      run: docker run --rm ghcr.io/zaproxy/zaproxy:stable zap-baseline.py -t https://staging.example.com

Pre-commit hook (.git/hooks/pre-commit):

#!/bin/sh
# Abort the commit if either scanner exits non-zero. With no file arguments
# git-secrets --scan checks every tracked file; `git secrets --pre_commit_hook -- "$@"`
# restricts it to the staged changes.
set -e
git-secrets --scan
npm run lint:security
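A minimal version of what git-secrets and TruffleHog do in the hook above, and what "secrets not in code/logs" means in practice, as an added example that is not code from the agentic-qe project or from either tool: a small set of fixed-prefix token patterns, a scanner that reports findings by line, and a redactor to run on log lines before they reach a sink. The pattern list and the sample input are constructed for illustration; real scanners add many more formats plus entropy checks and verification against the issuing service.

```javascript
// Added example (not from agentic-qe, git-secrets or TruffleHog): a small
// secret scanner and log redactor. Patterns and sample lines are constructed.
const SECRET_PATTERNS = [
  { name: 'aws-access-key-id',   re: /\bAKIA[0-9A-Z]{16}\b/g },
  { name: 'github-token',        re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/g },
  { name: 'private-key',         re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/g },
  { name: 'bearer-token',        re: /\bBearer\s+[A-Za-z0-9\-_.~+\/]{20,}=*/g },
  { name: 'password-assignment', re: /(?:password|passwd|pwd)\s*[:=]\s*["'][^"']{6,}["']/gi },
];

// Returns one finding per match: { line, name, match }. Used by a hook to
// decide whether to abort (any finding = non-zero exit).
function scanSecrets(text) {
  const findings = [];
  text.split('\n').forEach((line, i) => {
    for (const { name, re } of SECRET_PATTERNS) {
      for (const m of line.matchAll(re)) {
        findings.push({ line: i + 1, name, match: m[0] });
      }
    }
  });
  return findings;
}

// Rewrites a log line so the secret never reaches the sink. The pattern
// name is kept in the placeholder so triage can still tell what leaked.
function redact(line) {
  return SECRET_PATTERNS.reduce(
    (out, { name, re }) => out.replace(re, `[REDACTED:${name}]`),
    line,
  );
}

// Constructed sample: an env file line, a source line and two log lines.
// The AWS key is the documented example value, not a real credential.
const SAMPLE = [
  'AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE',
  'const token = "ghp_' + 'A'.repeat(36) + '";',
  '2024-05-01T10:00:00Z INFO outbound request Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.abcdefghijklmnop',
  '2024-05-01T10:00:01Z INFO user login ok',
].join('\n');
```

The redactor belongs in the logging pipeline, not in application code: developers rarely log a secret on purpose, but they do log request headers, exception messages and serialized config objects, and those are where tokens appear.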

Agent-Assisted Security Testing

// Comprehensive multi-layer scan
await Task("Security Scan", {
  target: 'src/',
  layers: { sast: true, dast: true, dependencies: true, secrets: true },
  severity: ['critical', 'high', 'medium']
}, "qe-security-scanner");

// OWASP Top 10 testing
await Task("OWASP Scan", {
  categories: ['broken-access-control', 'injection', 'cryptographic-failures'],
  depth: 'comprehensive'
}, "qe-security-scanner");

// Validate fix
await Task("Validate Fix", {
  vulnerability: 'CVE-2024-12345',
  expectedResolution: 'upgrade package to v2.0.0',
  retestAfterFix: true
}, "qe-security-scanner");

Agent Coordination Hints

Memory Namespace

aqe/security/
├── scans/*           - Scan results
├── vulnerabilities/* - Found vulnerabilities
├── fixes/*           - Remediation tracking
└── compliance/*      - Compliance status

Fleet Coordination

const securityFleet = await FleetManager.coordinate({
  strategy: 'security-testing',
  agents: [
    'qe-security-scanner',
    'qe-api-contract-validator',
    'qe-quality-analyzer',
    'qe-deployment-readiness'
  ],
  topology: 'parallel'
});

Common Mistakes

❌ Security by Obscurity

Hiding admin at /super-secret-admin → Use proper auth

❌ Client-Side Validation Only

JavaScript validation can be bypassed → Always validate server-side

❌ Trusting User Input

Assuming input is safe → Sanitize, validate, escape all input

❌ Hardcoded Secrets

API keys in code → Environment variables, secret management


Related Skills


Remember

Think like an attacker: What would you try to break? Test that. Build like a defender: Assume input is malicious until proven otherwise. Test continuously: Security testing is ongoing, not one-time.

With Agents: Agents automate vulnerability scanning, track remediation, and validate fixes. Use agents to maintain security posture at scale.

GitHub repository

proffesor-for-testing/agentic-qe
Path: .claude/skills/security-testing
Topics: agenticqe, agenticsfoundation, agents, quality-engineering

Related skills

network-security-setup

Development

This Skill helps developers configure network isolation policies for the Claude Code sandbox, particularly for enterprise security scenarios where outbound access must be controlled. It supports trusted-domain allowlists, custom access policies and secure handling of environment variables. Key capabilities include defending against prompt-injection attacks and configuring enterprise proxies and internal registries, keeping the code execution environment isolated.

sandbox-configurator

Development

This Claude Skill helps developers configure security isolation policies for the Claude Code sandbox. It sets file-system permissions and network access boundaries so that code runs in a controlled environment. It suits development scenarios that require strict security controls, such as executing untrusted code or protecting sensitive data.

github-workflow-automation

Other

A GitHub workflow automation skill for developers that builds intelligent CI/CD pipelines and comprehensive repository management through AI swarm coordination. It generates and optimizes GitHub Actions workflows automatically and supports multi-agent collaboration for code analysis, testing and deployment, so developers can quickly set up adaptive workflow systems and improve development efficiency and code quality.

when-mapping-dependencies-use-dependency-mapper

Other

This Claude Skill is a comprehensive dependency-mapping tool that automatically extracts and analyzes dependencies across package managers such as npm, pip and cargo. It helps developers visualize dependency graphs and detect circular dependencies and security vulnerabilities, for project audits and architecture optimization. A single command produces a detailed dependency analysis report and visualizations.