Found 13 Skills
Implement secure coding practices following OWASP Top 10. Use when preventing security vulnerabilities, implementing authentication, securing APIs, or conducting security reviews. Triggers on OWASP, security, XSS, SQL injection, CSRF, authentication security, secure coding, vulnerability.
Expert in ethical hacking, vulnerability assessment, and offensive security testing (Web/Network/Cloud).
Expert at securing web applications against OWASP Top 10 vulnerabilities. Covers authentication, authorization, input validation, XSS prevention, CSRF protection, secure headers, and security testing. Treats security as a first-class requirement, not an afterthought. Use when "security, OWASP, XSS, CSRF, SQL injection, injection, authentication security, authentication, authorization, input validation, secure headers, headers, vulnerability, penetration testing" is mentioned.
Check compliance with OWASP Top 10 security risks and best practices. Use when performing comprehensive security audits. Trigger with 'check OWASP compliance', 'audit web security', or 'validate OWASP'.
Run OWASP ZAP for Dynamic Application Security Testing. Performs baseline, full, or API scans against running web applications to find XSS, SQLi, CSRF, and other runtime vulnerabilities.
Testing web applications for clickjacking vulnerabilities by assessing frame embedding controls and crafting proof-of-concept overlay attacks during authorized security assessments.
Authentication and security patterns for EFT-Tracker using NextAuth. Covers password reset, session management, CSRF protection, and security reviews. Activates when user mentions: auth, authentication, password, NextAuth, session, security, login, logout, CSRF, rate limit, token, JWT.
Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters, bypass techniques, and exploitation chains for phishing and token theft.
Validate CORS policies for security issues and misconfigurations. Use when reviewing cross-origin resource sharing. Trigger with 'validate CORS', 'check CORS policy', or 'review cross-origin'.
Test web applications for XML injection vulnerabilities, including XML External Entity (XXE) injection, XPath injection, and related XML entity attacks, to identify data exposure and server-side request forgery risks.
Security review and penetration testing: evaluate your application against OWASP Top 10, authentication security, HTTP headers, CORS, CSP, supply chain risks, and common attack vectors with browser-based validation.
Testing web applications for Cross-Site Request Forgery vulnerabilities by crafting forged requests that exploit authenticated user sessions during authorized security assessments.
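Two of the skills above (the clickjacking assessment and the CORS policy review) boil down to reading a handful of response headers correctly. The following is an added example, written for this page and not the code of any skill listed here: an offline checker that decides whether a page can be framed from a given origin (CSP frame-ancestors takes precedence over X-Frame-Options, and ALLOW-FROM is treated as no protection because current browsers ignore it) and classifies the CORS response to a probe carrying a chosen Origin. The target origin https://app.example, the probe origin https://evil.example, and every sample response are constructed for the example.

```python
"""Offline header checks for frame-embedding controls and CORS policy.

All origins and responses below are constructed for this example.
"""
from urllib.parse import urlsplit

PAGE_ORIGIN = "https://app.example"  # hypothetical target origin


def _lower_keys(headers):
    return {k.lower(): v.strip() for k, v in headers.items()}


def _source_matches(source, origin, page_origin):
    """Does one CSP frame-ancestors source expression admit `origin`? (simplified matcher)"""
    s = source.lower()
    if s == "'none'":
        return False
    if s == "'self'":
        return origin.lower() == page_origin.lower()
    if s == "*":
        return True
    o = urlsplit(origin.lower())
    if s.endswith(":") and "/" not in s:  # scheme source such as https:
        return o.scheme == s[:-1]
    # Host source; a bare host inherits the page's scheme (the http->https upgrade rule is ignored here).
    if "://" not in s:
        s = urlsplit(page_origin.lower()).scheme + "://" + s
    src = urlsplit(s)
    if src.scheme != o.scheme:
        return False
    if src.netloc.startswith("*."):  # *.partner.example admits any subdomain
        return o.netloc.endswith(src.netloc[1:])
    return o.netloc == src.netloc


def frame_embeddable_by(headers, attacker_origin, page_origin=PAGE_ORIGIN):
    """True if a document served with `headers` from page_origin can be framed by attacker_origin."""
    h = _lower_keys(headers)
    # Only the enforcing CSP header counts; Report-Only never blocks framing.
    for directive in h.get("content-security-policy", "").split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            # When frame-ancestors is present, browsers ignore X-Frame-Options entirely.
            return any(_source_matches(t, attacker_origin, page_origin) for t in tokens[1:])
    xfo = h.get("x-frame-options", "").upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return attacker_origin.lower() == page_origin.lower()
    # No header, ALLOW-FROM (unsupported by current browsers) or an invalid value: frameable.
    return True


FINDING_TEXT = {
    "wildcard": "Allow-Origin '*': any site can read unauthenticated responses",
    "wildcard-with-credentials": "'*' plus Allow-Credentials: browsers reject the credentialed read; misconfiguration only",
    "null-origin": "'null' origin allowed: reachable from sandboxed iframes and data: URLs",
    "null-origin-with-credentials": "'null' origin allowed with credentials: authenticated data readable from a sandboxed iframe",
    "reflected": "probe Origin reflected: verify whether the server validates it at all",
    "reflected-with-credentials": "probe Origin reflected with Allow-Credentials: cross-site read of authenticated data",
}


def cors_findings(request_origin, headers):
    """Finding codes for the response to a request that carried `Origin: request_origin`."""
    h = _lower_keys(headers)
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        return []
    if acao == "*":
        return ["wildcard-with-credentials" if creds else "wildcard"]
    if acao == "null":
        return ["null-origin-with-credentials" if creds else "null-origin"]
    if acao.lower() == request_origin.lower():
        return ["reflected-with-credentials" if creds else "reflected"]
    return []  # a fixed allow-list entry for some other origin: nothing for this probe


# Constructed sample responses (not captured from any real application).
FRAMING_SAMPLES = {
    "no-framing-headers": {"Content-Type": "text/html"},
    "xfo-deny": {"X-Frame-Options": "DENY"},
    "xfo-allow-from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "csp-self-and-partner": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self' https://*.partner.example"},
    "csp-overrides-xfo": {"X-Frame-Options": "DENY", "Content-Security-Policy": "frame-ancestors https:"},
}
CORS_SAMPLES = {
    "reflected-with-credentials": {"Access-Control-Allow-Origin": "https://evil.example", "Access-Control-Allow-Credentials": "true"},
    "wildcard": {"Access-Control-Allow-Origin": "*"},
    "null-with-credentials": {"Access-Control-Allow-Origin": "null", "Access-Control-Allow-Credentials": "true"},
    "strict-allow-list": {"Access-Control-Allow-Origin": "https://trusted.example", "Vary": "Origin"},
}


def demo(attacker="https://evil.example"):
    """Run every sample against one probe origin; returns (framing results, CORS findings)."""
    framing = {name: frame_embeddable_by(h, attacker) for name, h in FRAMING_SAMPLES.items()}
    cors = {name: [FINDING_TEXT[c] for c in cors_findings(attacker, h)] for name, h in CORS_SAMPLES.items()}
    return framing, cors


if __name__ == "__main__":
    for section in demo():
        for name, result in section.items():
            print(f"{name}: {result}")
```

Feed it captured headers from the target instead of the samples, and probe CORS with several Origin values (the attacker host, a subdomain of the target, and a host that merely contains the target's name) since a single response never shows whether the server reflects arbitrarily or matches a pattern too loosely.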