بنقرة واحدة
api-security
API security testing - GraphQL, REST API, WebSocket, and Web-LLM attack techniques.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
API security testing - GraphQL, REST API, WebSocket, and Web-LLM attack techniques.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
| name | api-security |
| description | API security testing - GraphQL, REST API, WebSocket, and Web-LLM attack techniques. |
Test API endpoints for security vulnerabilities across REST, GraphQL, WebSocket, and LLM-integrated APIs.
| Type | Key Vectors |
|---|---|
| GraphQL | Introspection, batching attacks, nested query DoS, field suggestion |
| REST API | BOLA/IDOR, mass assignment, rate limiting, auth bypass, versioning |
| WebSocket | Cross-site hijacking, message manipulation, auth flaws |
| Web-LLM | Prompt injection via API, excessive agency, data exfiltration |
reference/graphql*.md - GraphQL attack techniques and labsreference/scenarios/rest/*.md - REST API security testing (BOLA/BOPLA, mass assignment, SSPP, content-type confusion)reference/websockets*.md - WebSocket vulnerability testingreference/web-llm*.md - Web-LLM attack techniques and labsThreat Intelligence Report Design System — ReportLab-based PDF generation for A4 reports with Transilience branding, typography, and layout standards.
Offensive AI security testing and exploitation framework. Systematically tests LLM applications for OWASP Top 10 vulnerabilities including prompt injection, model extraction, data poisoning, and supply chain attacks. Integrates with pentest workflows to discover and exploit AI-specific threats.
Pentest coordination — orchestrates executor and validator agents with context-controlled spawning. Entry point for all engagements.
Cryptanalysis techniques — lattice attacks, padding oracles, weak-RNG exploitation, signature forgery, secret-sharing recovery.
Digital forensics and incident response - Windows event log analysis, PCAP forensics, filesystem artifact analysis, AD attack detection, and timeline correlation. Use when investigating security incidents, analyzing Sherlocks, or performing threat hunting on provided evidence files.
Core pentesting tools and methodology - Burp Suite usage, Playwright automation, binary analysis, testing methodology, and professional reporting standards.