Back to Details

validating-authentication-implementations

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Authentication Validator

认证验证器

This skill provides automated assistance for authentication validator tasks.
本Skill为认证验证任务提供自动化辅助。

Overview

概述

This skill allows Claude to assess the security of authentication mechanisms in a system or application. It provides a detailed report highlighting potential vulnerabilities and offering recommendations for improvement based on established security principles.
本Skill可让Claude评估系统或应用中认证机制的安全性。它会基于既定安全原则生成详细报告,突出潜在漏洞并给出改进建议。

How It Works

工作原理

  1. Initiate Validation: Upon receiving a trigger phrase, the skill activates the 
    authentication-validator
    plugin.
  2. Analyze Authentication Methods: The plugin examines the implemented authentication methods, such as JWT, OAuth, session-based, or API keys.
  3. Generate Security Report: The plugin generates a comprehensive report outlining potential vulnerabilities and recommended fixes related to password security, session management, token security (JWT), multi-factor authentication, and account security.
  1. 启动验证:收到触发短语后,Skill会激活
    authentication-validator
    插件。
  2. 分析认证方式:插件会检查已实现的认证方式,例如JWT、OAuth、基于会话的认证或API密钥。
  3. 生成安全报告:插件会生成一份全面报告,列出与密码安全、会话管理、令牌安全(JWT)、多因素认证(MFA)以及账户安全相关的潜在漏洞和建议修复方案。

When to Use This Skill

使用场景

This skill activates when you need to:
  • Assess the security of an application's authentication implementation.
  • Identify vulnerabilities in password policies and session management.
  • Evaluate the security of JWT tokens and MFA implementation.
  • Ensure compliance with security best practices and industry standards.
当你需要以下操作时,可激活本Skill:
  • 评估应用认证实现的安全性。
  • 识别密码策略与会话管理中的漏洞。
  • 评估JWT令牌与MFA实现的安全性。
  • 确保符合安全最佳实践与行业标准。

Examples

示例

Example 1: Assessing JWT Security

示例1:评估JWT安全性

User request: "validate authentication for jwt implementation"
The skill will:
  1. Activate the 
    authentication-validator
    plugin.
  2. Analyze the JWT implementation, checking for strong signing algorithms, proper expiration claims, and audience/issuer validation.
  3. Generate a report highlighting any vulnerabilities and recommending best practices for JWT security.
用户请求:"validate authentication for jwt implementation"
Skill会:
  1. 激活
    authentication-validator
    插件。
  2. 分析JWT实现,检查签名算法强度、过期声明设置以及受众/签发者验证情况。
  3. 生成报告,突出任何漏洞并给出JWT安全最佳实践建议。

Example 2: Checking Session Security

示例2:检查会话安全性

User request: "authcheck session cookies"
The skill will:
  1. Activate the 
    authentication-validator
    plugin.
  2. Analyze the session cookie settings, including HttpOnly, Secure, and SameSite attributes.
  3. Generate a report outlining any potential session fixation or CSRF vulnerabilities and recommending appropriate countermeasures.
用户请求:"authcheck session cookies"
Skill会:
  1. 激活
    authentication-validator
    插件。
  2. 分析会话Cookie设置,包括HttpOnly、Secure和SameSite属性。
  3. 生成报告,列出潜在的会话固定或CSRF漏洞,并给出相应的应对措施建议。

Best Practices

最佳实践

  • Password Hashing: Always use strong hashing algorithms like bcrypt or Argon2 with appropriate salt generation.
  • Token Expiration: Implement short-lived access tokens and refresh token rotation for enhanced security.
  • Multi-Factor Authentication: Encourage or enforce MFA to mitigate the risk of password compromise.
  • 密码哈希:始终使用强哈希算法,例如bcrypt或Argon2,并配合合适的盐值生成机制。
  • 令牌过期:实现短期访问令牌与刷新令牌轮换机制,以提升安全性。
  • 多因素认证:鼓励或强制使用MFA,降低密码泄露带来的风险。

Integration

集成

This skill can be used in conjunction with other security-related plugins to provide a comprehensive security assessment of an application. For example, it can be used alongside a code analysis plugin to identify potential code-level vulnerabilities related to authentication.
本Skill可与其他安全相关插件配合使用,以提供对应用的全面安全评估。例如,它可与代码分析插件结合,识别与认证相关的代码级潜在漏洞。

Prerequisites

前提条件

  • Access to codebase and configuration files in {baseDir}/
  • Security scanning tools installed as needed
  • Understanding of security standards and best practices
  • Permissions for security analysis operations
  • 可访问{baseDir}/下的代码库与配置文件
  • 已安装所需的安全扫描工具
  • 了解安全标准与最佳实践
  • 拥有安全分析操作的权限

Instructions

操作步骤

  1. Identify security scan scope and targets
  2. Configure scanning parameters and thresholds
  3. Execute security analysis systematically
  4. Analyze findings for vulnerabilities and compliance gaps
  5. Prioritize issues by severity and impact
  6. Generate detailed security report with remediation steps
  1. 确定安全扫描范围与目标
  2. 配置扫描参数与阈值
  3. 系统地执行安全分析
  4. 分析结果以识别漏洞与合规性缺口
  5. 按严重性与影响优先级排序问题
  6. 生成包含修复步骤的详细安全报告

Output

输出内容

  • Security scan results with vulnerability details
  • Compliance status reports by standard
  • Prioritized list of security issues by severity
  • Remediation recommendations with code examples
  • Executive summary for stakeholders
  • 包含漏洞详情的安全扫描结果
  • 按标准分类的合规状态报告
  • 按严重性排序的安全问题优先级列表
  • 附带代码示例的修复建议
  • 面向利益相关者的执行摘要

Error Handling

错误处理

If security scanning fails:
  • Verify tool installation and configuration
  • Check file and directory permissions
  • Validate scan target paths
  • Review tool-specific error messages
  • Ensure network access for dependency checks
若安全扫描失败:
  • 验证工具的安装与配置
  • 检查文件与目录权限
  • 确认扫描目标路径的有效性
  • 查看工具特定的错误消息
  • 确保依赖检查所需的网络访问

Resources

参考资源

  • Security standard documentation (OWASP, CWE, CVE)
  • Compliance framework guidelines (GDPR, HIPAA, PCI-DSS)
  • Security scanning tool documentation
  • Vulnerability remediation best practices
  • 安全标准文档(OWASP、CWE、CVE)
  • 合规框架指南(GDPR、HIPAA、PCI-DSS)
  • 安全扫描工具文档
  • 漏洞修复最佳实践