mit einem Klick
security-check
security-check enthält 49 gesammelte Skills von ersinkoc, mit Repository-Berufsabdeckung und Skill-Detailseiten auf SkillsMP.
Skills in diesem Repository
Comprehensive AI-powered security scanning suite with 48 skills covering OWASP Top 10, 7 language-specific deep scanners (Go, TypeScript, Python, PHP, Rust, Java, C#), supply chain analysis, infrastructure-as-code scanning, and 3000+ checklist items. Use when you need to run a security audit, find vulnerabilities, scan a PR for security issues, or perform a penetration test on a codebase.
C#/.NET-specific security deep scan
Go-specific security deep scan
Java/Kotlin-specific security deep scan
PHP-specific security deep scan
Python-specific security deep scan
Rust-specific security deep scan
TypeScript/JavaScript-specific security deep scan
REST, GraphQL, and gRPC API security audit — authentication, authorization, data exposure, and configuration
Authentication flaw detection — weak passwords, broken auth, credential stuffing, and bypass vectors
Authorization flaw detection — IDOR, broken access control, horizontal and vertical privilege issues
Business logic flaw detection — price manipulation, workflow bypass, race conditions, and abuse vectors
CI/CD pipeline security — GitHub Actions injection, secret exposure, untrusted actions, and artifact poisoning
Clickjacking and UI redressing detection — missing frame protection headers and CSP frame-ancestors
OS Command Injection detection in shell execution, subprocess calls, and process spawning
CORS misconfiguration detection — wildcard origin, reflected origin, null origin, and credential leaks
Cryptography misuse detection — weak algorithms, ECB mode, static IVs, weak PRNG, and key management flaws
Cross-Site Request Forgery detection — missing tokens, SameSite misconfiguration, and CORS-CSRF interaction
Sensitive data exposure detection — PII leaks, verbose errors, debug mode, and information disclosure
Supply chain and dependency security analysis across all package ecosystems
Insecure deserialization detection across all serialization formats and languages
Incremental security scan for changed files only — optimized for PR and commit-level reviews
Docker-specific security checks — image hardening, secrets in layers, compose security, and runtime configuration
Insecure file upload detection — unrestricted types, MIME mismatch, polyglot files, and webshell upload
GraphQL injection, introspection abuse, query complexity attacks, and authorization bypass detection
HTTP Header Injection and Response Splitting detection via CRLF injection in headers
Infrastructure-as-Code security scanning — Dockerfile, Kubernetes, Terraform, and GitHub Actions misconfigurations
JWT implementation flaw detection — algorithm confusion, weak secrets, missing validation, and storage issues
LDAP Injection detection in search filters, DN construction, and bind operations
Mass assignment and over-posting detection — unfiltered request body binding to data models
NoSQL Injection detection for MongoDB, Redis, CouchDB, and Elasticsearch
Open redirect detection — unvalidated redirect URLs, protocol-relative bypasses, and URI scheme abuse
Master orchestration skill that coordinates the entire 4-phase security scanning pipeline
Path traversal and directory traversal detection — LFI, RFI, zip slip, and symlink attacks
Privilege escalation vector detection — role manipulation, admin bypass, and RBAC circumvention
Race condition and TOCTOU detection — database races, file system races, double-spend, and atomicity failures
Missing rate limiting and application-level DoS vector detection — ReDoS, query complexity, resource exhaustion
Remote Code Execution detection via eval, exec, dynamic code loading, and code injection vectors
Codebase discovery and architecture mapping for security analysis
Final consolidated security assessment report generator with CVSS severity and remediation roadmap