Skip to main content
Manusで任意のスキルを実行
ワンクリックで
KaanBicaklar
GitHub クリエイタープロフィール

KaanBicaklar

1 件の GitHub リポジトリにある 50 件の収集済み skills をリポジトリ単位で表示します。

収集済み skills
50
リポジトリ
1
更新
2026-07-09
リポジトリマップ

skills がある場所

収集済み skill 数が多いリポジトリを、このクリエイターカタログ内の比率と職業範囲とともに表示します。

リポジトリエクスプローラー

リポジトリと代表的な skills

authentication-flaws
情報セキュリティアナリスト

SAST detection methodology for authentication failures (CWE-287/640/307/620), including insecure password reset (predictable/non-expiring tokens, host-header poisoning, token in referer), user enumeration, missing rate-limiting/account lockout, MFA bypass, auth race conditions, insecure "remember me", non-constant-time credential comparison, and default/weak credentials. Use when reviewing login, registration, password-reset, and MFA flows. Writes confirmed findings to findings/21-authentication-flaws.md.

2026-07-09
broken-access-control-idor
情報セキュリティアナリスト

SAST detection methodology for broken access control (CWE-284/862) and insecure direct object references / BOLA (CWE-639), including function-level authorization gaps (BFLA), horizontal/vertical privilege escalation, missing ownership checks, "UUID is not access control", and inconsistent auth middleware. Use when reviewing routes/controllers/resolvers that read or mutate a resource identified by a request-supplied id. Writes confirmed findings to findings/19-broken-access-control-idor.md.

2026-07-09
business-logic-flaws
情報セキュリティアナリスト

SAST detection methodology for business-logic flaws (CWE-840, CWE-841), including negative/overflow quantities, price/discount manipulation, trusting client-computed totals, workflow step-skipping, coupon/referral abuse, and replay of one-time actions. Use when reviewing server-side handling of business values and invariants. Writes confirmed findings to findings/34-business-logic-flaws.md.

2026-07-09
cicd-and-pipeline-injection
情報セキュリティアナリスト

SAST detection methodology for CI/CD and pipeline injection (CWE-94, CWE-78), covering GitHub Actions script injection via ${{ github.event.* }} in run: steps, pull_request_target checkout of untrusted PR head with secrets, self-hosted runner and cache poisoning, over-privileged GITHUB_TOKEN, unpinned third-party actions, forked-PR secret exfiltration, GitLab CI / Jenkinsfile injection, and insecure OIDC trust policies. Use when reviewing .github/workflows/*.yml, .gitlab-ci.yml, or Jenkinsfile. Writes confirmed findings to findings/35-cicd-and-pipeline-injection.md.

2026-07-09
code-injection
ソフトウェア開発者

SAST detection methodology for code injection / dynamic evaluation (CWE-94, CWE-95), including eval/exec/Function(), Python compile/__import__, Node vm/vm2 sandbox escape, PHP preg_replace /e, assert/create_function, dynamic require/import, and expression-engine evaluation. Use when reviewing code that evaluates strings as code. Writes confirmed findings to findings/04-code-injection.md.

2026-07-09
command-injection
ソフトウェア開発者

SAST detection methodology for OS command injection (CWE-78), including shell metacharacter injection, argument/flag injection into git/curl/tar, wildcard injection, shell=True, and indirect injection via env vars and filenames. Use when reviewing code that spawns OS processes. Writes confirmed findings to findings/03-command-injection.md.

2026-07-09
cors-misconfiguration
ソフトウェア開発者

SAST detection methodology for CORS misconfiguration (CWE-942, CWE-346), including reflected Origin with Access-Control-Allow-Credentials:true, null origin acceptance, weak origin regex (unescaped dot, prefix/suffix match, trailing-domain confusion), trusting all subdomains, and wildcard-with- credentials pitfalls. Use when reviewing server code or config that emits Access-Control-Allow-* headers or configures a CORS middleware. Writes confirmed findings to findings/17-cors-misconfiguration.md.

2026-07-09
crlf-and-header-injection
ソフトウェア開発者

SAST detection methodology for CRLF and header injection (CWE-93, CWE-113, CWE-117), including HTTP response splitting, Location/Set-Cookie header injection, log forging, SMTP/email (BCC) header injection, and Host header injection. Use when reviewing code that writes user input into HTTP headers, redirects, log lines, or email envelopes. Writes confirmed findings to findings/08-crlf-and-header-injection.md.

2026-07-09
このリポジトリの収集済み skills 50 件中、上位 8 件を表示しています。
1 件中 1 件のリポジトリを表示
すべてのリポジトリを表示しました