[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-b711890b-2add-4985-ac91-dcaa26cd50fd":3,"$fJKVPWA5TcdDQpu_l39QzqN7Fs9MJel88M8RaQj90Iqc":42},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":33},"b711890b-2add-4985-ac91-dcaa26cd50fd","security-audit","全面的安全审计工作流程，涵盖Web应用程序测试、API安全、渗透测试、漏洞扫描和安全加固。","cat_coding_backend","mod_coding","sickn33,coding","---\nname: security-audit\ndescription: \"Comprehensive security auditing workflow covering web application testing, API security, penetration testing, vulnerability scanning, and security hardening.\"\ncategory: workflow-bundle\nrisk: safe\nsource: personal\ndate_added: \"2026-02-27\"\n---\n\n# Security Auditing Workflow Bundle\n\n## Overview\n\nComprehensive security auditing workflow for web applications, APIs, and infrastructure. This bundle orchestrates skills for penetration testing, vulnerability assessment, security scanning, and remediation.\n\n## When to Use This Workflow\n\nUse this workflow when:\n- Performing security audits on web applications\n- Testing API security\n- Conducting penetration tests\n- Scanning for vulnerabilities\n- Hardening application security\n- Compliance security assessments\n\n## Workflow Phases\n\n### Phase 1: Reconnaissance\n\n#### Skills to Invoke\n- `scanning-tools` - Security scanning\n- `shodan-reconnaissance` - Shodan searches\n- `top-web-vulnerabilities` - OWASP Top 10\n\n#### Actions\n1. Identify target scope\n2. Gather intelligence\n3. Map attack surface\n4. Identify technologies\n5. Document findings\n\n#### Copy-Paste Prompts\n```\nUse @scanning-tools to perform initial reconnaissance\n```\n\n```\nUse @shodan-reconnaissance to find exposed services\n```\n\n### Phase 2: Vulnerability Scanning\n\n#### Skills to Invoke\n- `vulnerability-scanner` - Vulnerability analysis\n- `security-scanning-security-sast` - Static analysis\n- `security-scanning-security-dependencies` - Dependency scanning\n\n#### Actions\n1. Run automated scanners\n2. Perform static analysis\n3. Scan dependencies\n4. Identify misconfigurations\n5. Document vulnerabilities\n\n#### Copy-Paste Prompts\n```\nUse @vulnerability-scanner to scan for OWASP Top 10 vulnerabilities\n```\n\n```\nUse @security-scanning-security-dependencies to audit dependencies\n```\n\n### Phase 3: Web Application Testing\n\n#### Skills to Invoke\n- `top-web-vulnerabilities` - OWASP vulnerabilities\n- `sql-injection-testing` - SQL injection\n- `xss-html-injection` - XSS testing\n- `broken-authentication` - Authentication testing\n- `idor-testing` - IDOR testing\n- `file-path-traversal` - Path traversal\n- `burp-suite-testing` - Burp Suite testing\n\n#### Actions\n1. Test for injection flaws\n2. Test authentication mechanisms\n3. Test session management\n4. Test access controls\n5. Test input validation\n6. Test security headers\n\n#### Copy-Paste Prompts\n```\nUse @sql-injection-testing to test for SQL injection vulnerabilities\n```\n\n```\nUse @xss-html-injection to test for cross-site scripting\n```\n\n```\nUse @broken-authentication to test authentication security\n```\n\n### Phase 4: API Security Testing\n\n#### Skills to Invoke\n- `api-fuzzing-bug-bounty` - API fuzzing\n- `api-security-best-practices` - API security\n\n#### Actions\n1. Enumerate API endpoints\n2. Test authentication\u002Fauthorization\n3. Test rate limiting\n4. Test input validation\n5. Test error handling\n6. Document API vulnerabilities\n\n#### Copy-Paste Prompts\n```\nUse @api-fuzzing-bug-bounty to fuzz API endpoints\n```\n\n### Phase 5: Penetration Testing\n\n#### Skills to Invoke\n- `pentest-commands` - Penetration testing commands\n- `pentest-checklist` - Pentest planning\n- `ethical-hacking-methodology` - Ethical hacking\n- `metasploit-framework` - Metasploit\n\n#### Actions\n1. Plan penetration test\n2. Execute attack scenarios\n3. Exploit vulnerabilities\n4. Document proof of concept\n5. Assess impact\n\n#### Copy-Paste Prompts\n```\nUse @pentest-checklist to plan penetration test\n```\n\n```\nUse @pentest-commands to execute penetration testing\n```\n\n### Phase 6: Security Hardening\n\n#### Skills to Invoke\n- `security-scanning-security-hardening` - Security hardening\n- `auth-implementation-patterns` - Authentication\n- `api-security-best-practices` - API security\n\n#### Actions\n1. Implement security controls\n2. Configure security headers\n3. Set up authentication\n4. Implement authorization\n5. Configure logging\n6. Apply patches\n\n#### Copy-Paste Prompts\n```\nUse @security-scanning-security-hardening to harden application security\n```\n\n### Phase 7: Reporting\n\n#### Skills to Invoke\n- `reporting-standards` - Security reporting\n\n#### Actions\n1. Document findings\n2. Assess risk levels\n3. Provide remediation steps\n4. Create executive summary\n5. Generate technical report\n\n## Security Testing Checklist\n\n### OWASP Top 10\n- [ ] Injection (SQL, NoSQL, OS, LDAP)\n- [ ] Broken Authentication\n- [ ] Sensitive Data Exposure\n- [ ] XML External Entities (XXE)\n- [ ] Broken Access Control\n- [ ] Security Misconfiguration\n- [ ] Cross-Site Scripting (XSS)\n- [ ] Insecure Deserialization\n- [ ] Using Components with Known Vulnerabilities\n- [ ] Insufficient Logging & Monitoring\n\n### API Security\n- [ ] Authentication mechanisms\n- [ ] Authorization checks\n- [ ] Rate limiting\n- [ ] Input validation\n- [ ] Error handling\n- [ ] Security headers\n\n## Quality Gates\n\n- [ ] All planned tests executed\n- [ ] Vulnerabilities documented\n- [ ] Proof of concepts captured\n- [ ] Risk assessments completed\n- [ ] Remediation steps provided\n- [ ] Report generated\n\n## Related Workflow Bundles\n\n- `development` - Secure development practices\n- `wordpress` - WordPress security\n- `cloud-devops` - Cloud security\n- `testing-qa` - Security testing\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,87,880,"2026-05-16 13:38:16",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"编程开发","coding","mdi-code-braces","代码生成、调试、审查，提升开发效率",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":25,"skillCount":32,"createdAt":26},"后端开发","backend","mdi-server","API、数据库、服务端架构",296,[34],{"id":35,"skillId":4,"version":36,"fileName":37,"fileSize":38,"filePath":39,"fileHash":40,"manifest":41,"createdAt":19},"e51c2ff3-771a-4a9c-b045-864380d402c4","1.0.0","security-audit.zip",2051,"uploads\u002Fskills\u002Fb711890b-2add-4985-ac91-dcaa26cd50fd\u002Fsecurity-audit.zip","813a2e210aba6473b6c0de7c52d60b0129cac334696adf691b98a1aceddefa27","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":5514}]",{"code":43,"message":44,"data":45},200,"success",{"items":46,"stats":47,"page":50},[],{"averageRating":48,"totalRatings":48,"ratingCounts":49},0,[48,48,48,48,48],{"limit":51,"offset":48,"hasMore":52,"nextOffset":51,"ratedOnly":16},15,false]