Review web applications against the OWASP Top 10 for Web Applications (2021). Use when auditing web apps, reviewing server-side code, or assessing web frameworks for the classic OWASP Top 10 risks including injection, broken auth, and XSS.
Installation
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Review web applications against the OWASP Top 10 for Web Applications (2021). Use when auditing web apps, reviewing server-side code, or assessing web frameworks for the classic OWASP Top 10 risks including injection, broken auth, and XSS.
license
CC-BY-4.0
Web Security Review (OWASP Top 10)
Review web applications against all 10 OWASP Top 10 risks by following the full procedure in plays/owasp-top10-web-review.md.
Steps
Application Mapping — Identify framework/language, deployment model (monolith/microservices), trust boundaries (internet/internal/local), data sensitivity (PII, financial, health), and authentication mechanisms.
Assess Each OWASP Top 10 Risk:
A01 Broken Access Control — Missing authz checks, IDOR, privilege escalation, path traversal, CORS misconfigurations
Configuration Review — Examine web server configs (nginx, Apache), application configs, and deployment manifests for security settings.
Output
Application overview, risk matrix for all 10 categories with severity/status, detailed findings using templates/finding.md, positive controls observed, and prioritized remediation roadmap.
OWASP References
OWASP Top 10 for Web Applications (2021)
OWASP ASVS v5.0 — Application Security Verification Standard