con un clic
securevibes
securevibes contiene 9 skills recopiladas de anshumanbh, con cobertura ocupacional por repositorio y páginas de detalle dentro del sitio.
Skills en este repositorio
Validate Server-Side Request Forgery (SSRF) vulnerabilities by testing if user-controlled URLs can reach internal services, cloud metadata endpoints, or alternative protocols. Use when testing CWE-918 (SSRF), CWE-441 (Unintended Proxy), CWE-611 (XXE leading to SSRF), or findings involving URL fetching, webhooks, file imports, image/PDF/SVG processing, or XML parsing with external entities.
Validate OS Command Injection vulnerabilities including direct command injection, blind command injection via time delays, and out-of-band command execution. Test by injecting shell metacharacters and commands into user-controlled inputs. Use when testing CWE-78 (OS Command Injection), CWE-77 (Command Injection), CWE-88 (Argument Injection), or related command execution vulnerabilities.
Validate NoSQL injection vulnerabilities across MongoDB, Cassandra, CouchDB, Redis, and other NoSQL databases. Test operator injection, JavaScript injection, and query manipulation patterns. Use when testing CWE-943 (Improper Neutralization of Special Elements in Data Query Logic) and related NoSQL injection classes.
Validate SQL injection vulnerabilities (including blind SQLi) across time-based, error-based, boolean-based, UNION-based, stacked-query, and out-of-band patterns. Use when testing CWE-89 (SQL Injection), CWE-564 (Hibernate SQL Injection), and related SQL injection classes across MySQL, PostgreSQL, MSSQL, Oracle, and SQLite targets.
Validate Cross-Site Scripting (XSS) vulnerabilities including Reflected, Stored, and DOM-based XSS. Test by injecting script payloads into user-controlled inputs and observing if they execute in browser context. Use when testing CWE-79 (XSS), CWE-80 (Basic XSS), CWE-81 (Error Message XSS), CWE-83 (Attribute XSS), CWE-84 (URI Scheme XSS), CWE-85 (Doubled Character XSS), CWE-86 (Invalid Character XSS), CWE-87 (Alternate XSS Syntax), or related XSS findings.
Validate XML External Entity (XXE) injection vulnerabilities including file disclosure, SSRF, denial of service, and blind XXE via out-of-band channels. Test by injecting malicious XML with external entity references into endpoints that parse XML. Use when testing CWE-611 (XXE), CWE-827 (Improper Control of Document Type Definition), or related XML parsing vulnerabilities.
Validate authorization failures including IDOR, privilege escalation, and missing access controls. Test by attempting unauthorized access with lower-privileged credentials. Use when testing CWE-639 (IDOR), CWE-269 (Improper Privilege Management), CWE-862 (Missing Authorization), CWE-863 (Incorrect Authorization), CWE-284 (Improper Access Control), CWE-285 (Improper Authorization), or CWE-425 (Direct Request / Forced Browsing) findings.
Validate miscellaneous injection vulnerabilities NOT covered by dedicated skills. Covers SSTI, LDAP, XPath, XQuery, CRLF/HTTP Header, Email Header, GraphQL, Expression Language (EL/OGNL), JSON/JavaScript eval injection, ORM/HQL, CSV/Formula, Regex (ReDoS), YAML config, and Shellshock-style injection. Use when testing CWE-1336 (SSTI), CWE-90 (LDAP), CWE-643 (XPath), CWE-652 (XQuery), CWE-93/CWE-113 (CRLF/Header), CWE-917 (EL), CWE-94/CWE-95 (Code/Eval injection), CWE-1333 (ReDoS), CWE-1236 (CSV/Formula), and related injection classes.
Identify agentic AI security threats based on OWASP Top 10 for Agentic Applications 2026. Use when analyzing AI agents, LLM-powered applications, chatbots, auto-reply systems, tool-using AI, browser automation, sandbox execution, or any application that uses AI/LLM APIs (Anthropic, OpenAI, Claude, GPT) to process user input and take actions.