Review web applications against the OWASP Top 10 for Web Applications (2021). Use when auditing web apps, reviewing server-side code, or assessing web frameworks for the classic OWASP Top 10 risks including injection, broken auth, and XSS.
설치
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
Review web applications against the OWASP Top 10 for Web Applications (2021). Use when auditing web apps, reviewing server-side code, or assessing web frameworks for the classic OWASP Top 10 risks including injection, broken auth, and XSS.
license
CC-BY-4.0
Web Security Review (OWASP Top 10)
Review web applications against all 10 OWASP Top 10 risks by following the full procedure in plays/owasp-top10-web-review.md.
Steps
Application Mapping — Identify framework/language, deployment model (monolith/microservices), trust boundaries (internet/internal/local), data sensitivity (PII, financial, health), and authentication mechanisms.
Assess Each OWASP Top 10 Risk:
A01 Broken Access Control — Missing authz checks, IDOR, privilege escalation, path traversal, CORS misconfigurations
Configuration Review — Examine web server configs (nginx, Apache), application configs, and deployment manifests for security settings.
Output
Application overview, risk matrix for all 10 categories with severity/status, detailed findings using templates/finding.md, positive controls observed, and prioritized remediation roadmap.
OWASP References
OWASP Top 10 for Web Applications (2021)
OWASP ASVS v5.0 — Application Security Verification Standard