ワンクリックでManusで任意のスキルを実行

始める

owasp-check

OWASP Top 10 (2021) checklist-based inspection and compliance matrix generation

Manusで実行

概要

OWASP Top 10 (2021) checklist-based inspection and compliance matrix generation

インストールコマンド

npx skills add https://github.com/woohyun212/security-skill --skill owasp-check

このコマンドをClaude Codeにコピー＆ペーストしてスキルをインストール

ソース

woohyun212/security-skill

スター18

フォーク0

更新日2026年4月15日 05:34

ファイルエクスプローラー

2 ファイル

SKILL.md

readonly

name	owasp-check
description	OWASP Top 10 (2021) checklist-based inspection and compliance matrix generation
license	MIT
metadata	{"category":"compliance","locale":"en","phase":"v1"}

What this skill does

Inspects security controls of a target application against the OWASP Top 10 2021 standard. Queries the defense status for each of the 10 categories (A01–A10) and generates a Pass/Fail/N-A compliance matrix. Provides prioritized remediation recommendations with official OWASP reference links for each failed item.

When to use

When conducting an application security review or pre-release inspection
When performing an OWASP-based self-assessment in preparation for a security audit
When systematically communicating security requirements to a development team
When identifying risk priorities before a penetration test

Prerequisites

No external tools required (checklist-based)
Inspector's knowledge of the target application's technology stack

Inputs

Item	Description	Example
`APP_NAME`	Name of the application under review	`MyWebApp v2.3`
`APP_TYPE`	Application type	`web` / `api` / `mobile`
`TECH_STACK`	Technology stack in use (optional)	`Node.js, PostgreSQL, React`

Workflow

Step 1: Collect target application information

APP_NAME="${SECSKILL_APP_NAME:-}"
if [ -z "$APP_NAME" ]; then
  read -rp "Application name: " APP_NAME
fi
APP_TYPE="${SECSKILL_APP_TYPE:-}"
if [ -z "$APP_TYPE" ]; then
  read -rp "Type (web/api/mobile): " APP_TYPE
fi
TECH_STACK="${SECSKILL_TECH_STACK:-}"
if [ -z "$TECH_STACK" ]; then
  read -rp "Tech stack (e.g. Node.js, PostgreSQL): " TECH_STACK
fi

REPORT_FILE="/tmp/owasp_check_$(date +%Y%m%d_%H%M%S).md"
echo "# OWASP Top 10 2021 Inspection Results" > "$REPORT_FILE"
echo "" >> "$REPORT_FILE"
echo "- **Target**: $APP_NAME" >> "$REPORT_FILE"
echo "- **Type**: $APP_TYPE" >> "$REPORT_FILE"
echo "- **Stack**: $TECH_STACK" >> "$REPORT_FILE"
echo "- **Date**: $(date '+%Y-%m-%d')" >> "$REPORT_FILE"
echo "" >> "$REPORT_FILE"
echo "[+] Report file initialized: $REPORT_FILE"

Step 2: Query each OWASP Top 10 2021 category

Reference: See REFERENCE.md for the full OWASP Top 10 2021 checklist (10 categories, 35 questions, reference URLs, and remediation priority guide).

The script iterates all 10 categories (A01–A10), prompts y/n/s for each question, then writes a compliance matrix and remediation list to the report file.

Step 3: Print compliance matrix

echo ""
echo "=== Final Compliance Matrix ==="
grep -A 20 "## Compliance Matrix" "$REPORT_FILE" | head -20

FAIL_COUNT=$(grep -c "FAIL" "$REPORT_FILE" 2>/dev/null || echo 0)
echo ""
echo "[Summary]"
echo "  Total failed items: $FAIL_COUNT"
echo "  Detailed report: $REPORT_FILE"

Step 4: Print prioritized remediation recommendations

Reference: See REFERENCE.md for the full remediation priority guide (HIGH/MEDIUM/LOW bands with category groupings).

echo "[+] Full OWASP Top 10 reference: https://owasp.org/Top10/"

Done when

All 10 categories have been queried
Compliance matrix saved to /tmp/owasp_check_<date>.md report
OWASP reference links and remediation checklists included for each FAIL item

Failure modes

Issue	Cause	Solution
Inspection interrupted	Terminal session closed	Re-run and skip completed items with N/A (s)
Report file missing	`/tmp` permission issue	Change to `REPORT_FILE=~/owasp_result.md`
Question hard to understand	Insufficient technical context	Refer to the description section of each reference link

Notes

Use N/A (s) when a question does not apply to the current stack (e.g. server-side rendering questions for an SPA app).
Share inspection results with the security team or development team to build a remediation roadmap.
If preparing for ISMS-P certification, recommend running this skill alongside the isms-checklist skill.
Inspection results do not replace a formal audit; use alongside professional penetration testing.

このリポジトリの他の Skills

同じリポジトリ

isms-checklist

woohyun212/security-skill

Interactive gap analysis against Korea's ISMS-P 102-control certification framework (management, protection, personal information)

2026-04-1518

log-analysis

woohyun212/security-skill

Security log analysis and anomaly detection for access, auth, and syslog files

2026-04-1518

malware-analysis

woohyun212/security-skill

Analyze suspicious files through triage/static/dynamic/code phases to produce IOCs, YARA/Sigma rules, and MITRE ATT&CK mappings

2026-04-1518

malware-hash

woohyun212/security-skill

File hash reputation lookup via VirusTotal API v3 for MD5/SHA1/SHA256 detection ratio, threat classification, and vendor results

2026-04-1518

building-secure-contracts

woohyun212/security-skill

Multi-chain smart contract security for Solana, Algorand, Cairo, Cosmos, Substrate, and TON with pre-audit readiness checks

2026-04-1418

constant-time-analysis

woohyun212/security-skill

Detect timing side-channel vulnerabilities in cryptographic code caused by secret-dependent branching and memory access patterns

2026-04-1418

ソース

woohyun212

woohyun212/security-skill

GitHub リポジトリを開く Creator のリポジトリを見る

インストールコマンド

ダウンロード

Manusで実行

役立つ用途SOC

情報セキュリティアナリストコンピュータ・数学職15-1212L4

name	owasp-check
description	OWASP Top 10 (2021) checklist-based inspection and compliance matrix generation
license	MIT
metadata	{"category":"compliance","locale":"en","phase":"v1"}

What this skill does

When to use

When conducting an application security review or pre-release inspection
When performing an OWASP-based self-assessment in preparation for a security audit
When systematically communicating security requirements to a development team
When identifying risk priorities before a penetration test

Prerequisites

No external tools required (checklist-based)
Inspector's knowledge of the target application's technology stack

Inputs

Item	Description	Example
`APP_NAME`	Name of the application under review	`MyWebApp v2.3`
`APP_TYPE`	Application type	`web` / `api` / `mobile`
`TECH_STACK`	Technology stack in use (optional)	`Node.js, PostgreSQL, React`

Workflow

Step 1: Collect target application information

APP_NAME="${SECSKILL_APP_NAME:-}"
if [ -z "$APP_NAME" ]; then
  read -rp "Application name: " APP_NAME
fi
APP_TYPE="${SECSKILL_APP_TYPE:-}"
if [ -z "$APP_TYPE" ]; then
  read -rp "Type (web/api/mobile): " APP_TYPE
fi
TECH_STACK="${SECSKILL_TECH_STACK:-}"
if [ -z "$TECH_STACK" ]; then
  read -rp "Tech stack (e.g. Node.js, PostgreSQL): " TECH_STACK
fi

REPORT_FILE="/tmp/owasp_check_$(date +%Y%m%d_%H%M%S).md"
echo "# OWASP Top 10 2021 Inspection Results" > "$REPORT_FILE"
echo "" >> "$REPORT_FILE"
echo "- **Target**: $APP_NAME" >> "$REPORT_FILE"
echo "- **Type**: $APP_TYPE" >> "$REPORT_FILE"
echo "- **Stack**: $TECH_STACK" >> "$REPORT_FILE"
echo "- **Date**: $(date '+%Y-%m-%d')" >> "$REPORT_FILE"
echo "" >> "$REPORT_FILE"
echo "[+] Report file initialized: $REPORT_FILE"

Step 2: Query each OWASP Top 10 2021 category

Reference: See REFERENCE.md for the full OWASP Top 10 2021 checklist (10 categories, 35 questions, reference URLs, and remediation priority guide).

The script iterates all 10 categories (A01–A10), prompts y/n/s for each question, then writes a compliance matrix and remediation list to the report file.

Step 3: Print compliance matrix

echo ""
echo "=== Final Compliance Matrix ==="
grep -A 20 "## Compliance Matrix" "$REPORT_FILE" | head -20

FAIL_COUNT=$(grep -c "FAIL" "$REPORT_FILE" 2>/dev/null || echo 0)
echo ""
echo "[Summary]"
echo "  Total failed items: $FAIL_COUNT"
echo "  Detailed report: $REPORT_FILE"

Step 4: Print prioritized remediation recommendations

Reference: See REFERENCE.md for the full remediation priority guide (HIGH/MEDIUM/LOW bands with category groupings).

echo "[+] Full OWASP Top 10 reference: https://owasp.org/Top10/"

Done when

All 10 categories have been queried
Compliance matrix saved to /tmp/owasp_check_<date>.md report
OWASP reference links and remediation checklists included for each FAIL item

Failure modes

Issue	Cause	Solution
Inspection interrupted	Terminal session closed	Re-run and skip completed items with N/A (s)
Report file missing	`/tmp` permission issue	Change to `REPORT_FILE=~/owasp_result.md`
Question hard to understand	Insufficient technical context	Refer to the description section of each reference link

Notes

Use N/A (s) when a question does not apply to the current stack (e.g. server-side rendering questions for an SPA app).
Share inspection results with the security team or development team to build a remediation roadmap.
If preparing for ISMS-P certification, recommend running this skill alongside the isms-checklist skill.
Inspection results do not replace a formal audit; use alongside professional penetration testing.