performing-security-testing
关于
This skill automates security vulnerability testing for applications and APIs when triggered by terms like "security test" or "OWASP." It performs scans for common threats including the OWASP Top 10, SQL injection, XSS, and CSRF. Use it to generate comprehensive security assessment reports on demand.
技能文档
Overview
This skill enables Claude to automatically perform security vulnerability testing on applications and APIs. It leverages the security-test-scanner plugin to identify potential weaknesses and generate comprehensive reports.
How It Works
- Initiate Scan: The plugin is activated when security testing is requested.
- Execute Tests: The plugin automatically runs a suite of security tests covering OWASP Top 10, injection flaws, XSS, CSRF, and authentication/authorization issues.
- Generate Report: The plugin compiles the test results into a detailed report, highlighting vulnerabilities, severity ratings, and remediation steps.
When to Use This Skill
This skill activates when you need to:
- Perform a security vulnerability scan of an application.
- Test for OWASP Top 10 vulnerabilities.
- Identify SQL injection or XSS vulnerabilities.
- Assess authentication and authorization security.
Examples
Example 1: OWASP Top 10 Vulnerability Scan
User request: "Perform a security test focusing on OWASP Top 10 vulnerabilities for the /api/ endpoint."
The skill will:
- Activate the security-test-scanner plugin.
- Execute OWASP Top 10 tests against the specified endpoint.
- Generate a report detailing any identified vulnerabilities and their severity.
Example 2: SQL Injection Testing
User request: "Test the API for SQL injection vulnerabilities."
The skill will:
- Activate the security-test-scanner plugin.
- Run SQL injection tests against the API.
- Report any successful injection attempts.
Best Practices
- Scope Definition: Clearly define the scope of the security test (e.g., specific endpoints, modules).
- Authentication: Provide necessary authentication credentials for testing protected resources.
- Regular Testing: Schedule regular security tests to identify newly introduced vulnerabilities.
Integration
This skill can be integrated with other plugins to automatically trigger security tests as part of a CI/CD pipeline or after code changes. It also integrates with reporting tools for centralized vulnerability management.
快速安装
/plugin add https://github.com/jeremylongshore/claude-code-plugins-plus/tree/main/security-test-scanner在 Claude Code 中复制并粘贴此命令以安装该技能
GitHub 仓库
相关推荐技能
sglang
元SGLang是一个专为LLM设计的高性能推理框架,特别适用于需要结构化输出的场景。它通过RadixAttention前缀缓存技术,在处理JSON、正则表达式、工具调用等具有重复前缀的复杂工作流时,能实现极速生成。如果你正在构建智能体或多轮对话系统,并追求远超vLLM的推理性能,SGLang是理想选择。
evaluating-llms-harness
测试该Skill通过60+个学术基准测试(如MMLU、GSM8K等)评估大语言模型质量,适用于模型对比、学术研究及训练进度追踪。它支持HuggingFace、vLLM和API接口,被EleutherAI等行业领先机构广泛采用。开发者可通过简单命令行快速对模型进行多任务批量评估。
langchain
元LangChain是一个用于构建LLM应用程序的框架,支持智能体、链和RAG应用开发。它提供多模型提供商支持、500+工具集成、记忆管理和向量检索等核心功能。开发者可用它快速构建聊天机器人、问答系统和自主代理,适用于从原型验证到生产部署的全流程。
go-test
元go-test Skill为Go开发者提供全面的测试指导,涵盖单元测试、性能基准测试和集成测试的最佳实践。它能帮助您正确实现表驱动测试、子测试组织、mock接口和竞态检测,同时指导测试覆盖率分析和性能基准测试。当您编写_test.go文件、设计测试用例或优化测试策略时,这个Skill能确保您遵循Go语言的标准测试惯例。