Review web applications against the OWASP Top 10 for Web Applications (2021). Use when auditing web apps, reviewing server-side code, or assessing web frameworks for the classic OWASP Top 10 risks including injection, broken auth, and XSS.
Instalación
Instalar con Codex o Claude Copia este prompt, pégalo en Codex, Claude u otro asistente, y deja que revise la página de la skill y la instale por ti.
Review web applications against the OWASP Top 10 for Web Applications (2021). Use when auditing web apps, reviewing server-side code, or assessing web frameworks for the classic OWASP Top 10 risks including injection, broken auth, and XSS.
license
CC-BY-4.0
Web Security Review (OWASP Top 10)
Review web applications against all 10 OWASP Top 10 risks by following the full procedure in plays/owasp-top10-web-review.md.
Steps
Application Mapping — Identify framework/language, deployment model (monolith/microservices), trust boundaries (internet/internal/local), data sensitivity (PII, financial, health), and authentication mechanisms.
Assess Each OWASP Top 10 Risk:
A01 Broken Access Control — Missing authz checks, IDOR, privilege escalation, path traversal, CORS misconfigurations
Configuration Review — Examine web server configs (nginx, Apache), application configs, and deployment manifests for security settings.
Output
Application overview, risk matrix for all 10 categories with severity/status, detailed findings using templates/finding.md, positive controls observed, and prioritized remediation roadmap.
OWASP References
OWASP Top 10 for Web Applications (2021)
OWASP ASVS v5.0 — Application Security Verification Standard