Skip to main content
Jeden Skill in Manus ausführen
mit einem Klick
KaanBicaklar
GitHub-Creator-Profil

KaanBicaklar

Repository-Ansicht von 50 gesammelten Skills in 1 GitHub-Repositories.

gesammelte Skills
50
Repositories
1
aktualisiert
2026-07-09
Repository-Karte

Wo die Skills liegen

Top-Repositories nach gesammelter Skill-Anzahl, mit ihrem Anteil an diesem Creator-Katalog und ihrer Berufsverteilung.

Repository-Explorer

Repositories und repräsentative Skills

authentication-flaws
Informationssicherheitsanalysten

SAST detection methodology for authentication failures (CWE-287/640/307/620), including insecure password reset (predictable/non-expiring tokens, host-header poisoning, token in referer), user enumeration, missing rate-limiting/account lockout, MFA bypass, auth race conditions, insecure "remember me", non-constant-time credential comparison, and default/weak credentials. Use when reviewing login, registration, password-reset, and MFA flows. Writes confirmed findings to findings/21-authentication-flaws.md.

2026-07-09
broken-access-control-idor
Informationssicherheitsanalysten

SAST detection methodology for broken access control (CWE-284/862) and insecure direct object references / BOLA (CWE-639), including function-level authorization gaps (BFLA), horizontal/vertical privilege escalation, missing ownership checks, "UUID is not access control", and inconsistent auth middleware. Use when reviewing routes/controllers/resolvers that read or mutate a resource identified by a request-supplied id. Writes confirmed findings to findings/19-broken-access-control-idor.md.

2026-07-09
business-logic-flaws
Informationssicherheitsanalysten

SAST detection methodology for business-logic flaws (CWE-840, CWE-841), including negative/overflow quantities, price/discount manipulation, trusting client-computed totals, workflow step-skipping, coupon/referral abuse, and replay of one-time actions. Use when reviewing server-side handling of business values and invariants. Writes confirmed findings to findings/34-business-logic-flaws.md.

2026-07-09
cicd-and-pipeline-injection
Informationssicherheitsanalysten

SAST detection methodology for CI/CD and pipeline injection (CWE-94, CWE-78), covering GitHub Actions script injection via ${{ github.event.* }} in run: steps, pull_request_target checkout of untrusted PR head with secrets, self-hosted runner and cache poisoning, over-privileged GITHUB_TOKEN, unpinned third-party actions, forked-PR secret exfiltration, GitLab CI / Jenkinsfile injection, and insecure OIDC trust policies. Use when reviewing .github/workflows/*.yml, .gitlab-ci.yml, or Jenkinsfile. Writes confirmed findings to findings/35-cicd-and-pipeline-injection.md.

2026-07-09
code-injection
Softwareentwickler

SAST detection methodology for code injection / dynamic evaluation (CWE-94, CWE-95), including eval/exec/Function(), Python compile/__import__, Node vm/vm2 sandbox escape, PHP preg_replace /e, assert/create_function, dynamic require/import, and expression-engine evaluation. Use when reviewing code that evaluates strings as code. Writes confirmed findings to findings/04-code-injection.md.

2026-07-09
command-injection
Softwareentwickler

SAST detection methodology for OS command injection (CWE-78), including shell metacharacter injection, argument/flag injection into git/curl/tar, wildcard injection, shell=True, and indirect injection via env vars and filenames. Use when reviewing code that spawns OS processes. Writes confirmed findings to findings/03-command-injection.md.

2026-07-09
cors-misconfiguration
Softwareentwickler

SAST detection methodology for CORS misconfiguration (CWE-942, CWE-346), including reflected Origin with Access-Control-Allow-Credentials:true, null origin acceptance, weak origin regex (unescaped dot, prefix/suffix match, trailing-domain confusion), trusting all subdomains, and wildcard-with- credentials pitfalls. Use when reviewing server code or config that emits Access-Control-Allow-* headers or configures a CORS middleware. Writes confirmed findings to findings/17-cors-misconfiguration.md.

2026-07-09
crlf-and-header-injection
Softwareentwickler

SAST detection methodology for CRLF and header injection (CWE-93, CWE-113, CWE-117), including HTTP response splitting, Location/Set-Cookie header injection, log forging, SMTP/email (BCC) header injection, and Host header injection. Use when reviewing code that writes user input into HTTP headers, redirects, log lines, or email envelopes. Writes confirmed findings to findings/08-crlf-and-header-injection.md.

2026-07-09
Zeigt die Top 8 von 50 gesammelten Skills in diesem Repository.
1 von 1 Repositories angezeigt
Alle Repositories angezeigt