---
name: web-security-testing
description: "Web application security testing workflow for OWASP Top 10 vulnerabilities including injection, XSS, authentication flaws, and access control issues."
category: granular-workflow-bundle
risk: safe
source: personal
date_added: "2026-02-27"
---

# Web Security Testing Workflow

## Overview

Specialized workflow for testing web applications against OWASP Top 10 vulnerabilities, including injection attacks, XSS, broken authentication, and access control issues.

## When to Use This Workflow

Use this workflow when:
- Testing web application security
- Performing an OWASP Top 10 assessment
- Conducting penetration tests
- Validating security controls
- Bug bounty hunting

## Workflow Phases

### Phase 1: Reconnaissance

#### Skills to Invoke
- `scanning-tools` - Security scanning
- `top-web-vulnerabilities` - OWASP knowledge

#### Actions
1. Map the application surface
2. Identify technologies
3. Discover endpoints
4. Find subdomains
5. Document findings

#### Copy-Paste Prompts
```
Use @scanning-tools to perform web application reconnaissance
```

### Phase 2: Injection Testing

#### Skills to Invoke
- `sql-injection-testing` - SQL injection
- `sqlmap-database-pentesting` - SQLMap

#### Actions
1. Test SQL injection
2. Test NoSQL injection
3. Test command injection
4. Test LDAP injection
5. Document vulnerabilities

#### Copy-Paste Prompts
```
Use @sql-injection-testing to test for SQL injection
```

```
Use @sqlmap-database-pentesting to automate SQL injection testing
```

### Phase 3: XSS Testing

#### Skills to Invoke
- `xss-html-injection` - XSS testing
- `html-injection-testing` - HTML injection

#### Actions
1. Test reflected XSS
2. Test stored XSS
3. Test DOM-based XSS
4. Test XSS filters
5. Document findings

#### Copy-Paste Prompts
```
Use @xss-html-injection to test for cross-site scripting
```

### Phase 4: Authentication Testing

#### Skills to Invoke
- `broken-authentication` - Authentication testing

#### Actions
1. Test credential stuffing
2. Test brute-force protection
3. Test session management
4. Test password policies
5. Test the MFA implementation

#### Copy-Paste Prompts
```
Use @broken-authentication to test authentication security
```

### Phase 5: Access Control Testing

#### Skills to Invoke
- `idor-testing` - IDOR testing
- `file-path-traversal` - Path traversal

#### Actions
1. Test vertical privilege escalation
2. Test horizontal privilege escalation
3. Test IDOR vulnerabilities
4. Test directory traversal
5. Test unauthorized access

#### Copy-Paste Prompts
```
Use @idor-testing to test for insecure direct object references
```

```
Use @file-path-traversal to test for path traversal
```

### Phase 6: Security Headers

#### Skills to Invoke
- `api-security-best-practices` - Security headers

#### Actions
1. Check the CSP implementation
2. Verify the HSTS configuration
3. Test X-Frame-Options
4. Check X-Content-Type-Options
5. Verify the referrer policy

#### Copy-Paste Prompts
```
Use @api-security-best-practices to audit security headers
```

### Phase 7: Reporting

#### Skills to Invoke
- `reporting-standards` - Security reporting

#### Actions
1. Document vulnerabilities
2. Assess risk levels
3. Provide remediation
4. Create proof of concept
5. Generate the report

#### Copy-Paste Prompts
```
Use @reporting-standards to create security report
```

## OWASP Top 10 Checklist

- [ ] A01: Broken Access Control
- [ ] A02: Cryptographic Failures
- [ ] A03: Injection
- [ ] A04: Insecure Design
- [ ] A05: Security Misconfiguration
- [ ] A06: Vulnerable and Outdated Components
- [ ] A07: Identification and Authentication Failures
- [ ] A08: Software and Data Integrity Failures
- [ ] A09: Security Logging and Monitoring Failures
- [ ] A10: Server-Side Request Forgery (SSRF)

Phases 2 to 6 exercise A01, A03, A05 (security headers) and A07 directly. A02, A04, A06, A08, A09 and A10 have no phase of their own, so cover them explicitly before ticking the "All OWASP Top 10 tested" gate below.

## Quality Gates

- [ ] All OWASP Top 10 tested
- [ ] Vulnerabilities documented
- [ ] Proof of concepts captured
- [ ] Remediation provided
- [ ] Report generated

## Related Workflow Bundles

- `security-audit` - Security auditing
- `api-security-testing` - API security
- `wordpress-security` - WordPress security

## Limitations
- Use this skill only when the task clearly matches the scope described above.
- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.
- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.

## Listing Metadata

- Skill ID: 60f9686a-7692-4784-80f2-cb8a867c0117
- Module: Programming & Development (`coding`); category: Code Review (`review`)
- Source: imported from https://github.com/sickn3 3/antigravity-awesome-skills (author listed as SkillOPIC; tags: sickn33, coding)
- Package: `web-security-testing.zip`, version 1.0.0, 1720 bytes, containing `SKILL.md` (4318 bytes); SHA-256 `9f662c73ff9951fd44cff3e7cef6a100775b1e7277858e96f522e8e6b6768052`
- Listing created 2026-05-16 13:46:46; 145 stars, 1507 runs at the time of capture