一键导入
web-app-logic
Web application logic testing - business logic flaws, race conditions, access control, cache poisoning/deception, and information disclosure.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Web application logic testing - business logic flaws, race conditions, access control, cache poisoning/deception, and information disclosure.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Threat Intelligence Report Design System — ReportLab-based PDF generation for A4 reports with Transilience branding, typography, and layout standards.
Authentication security testing - auth bypass, JWT attacks, OAuth flaws, password attacks, 2FA bypass, CAPTCHA bypass, and bot detection evasion.
Cloud and container security testing - AWS, Azure, GCP, Docker, and Kubernetes misconfigurations and exploitation.
Detect and break the cloud post-compromise attack chain (AWS / Azure / GCP) — per-stage CloudTrail / Activity-Log / Audit-Log detection signals and the preventive controls that close each step. Use for cloud detection engineering, hardening, remediation write-ups, or blue-team posture review of the lateral-movement -> privilege-escalation -> exfiltration -> evasion chain.
HackTheBox platform operations and automations to solve challenges, machines and capture the flags hacking competitions
Injection vulnerability testing - SQL, NoSQL, OS Command, SSTI, XXE, and LDAP/XPath injection techniques.
| name | web-app-logic |
| description | Web application logic testing - business logic flaws, race conditions, access control, cache poisoning/deception, and information disclosure. |
Test for logic flaws and application-specific vulnerabilities that automated scanners miss.
| Type | Key Vectors |
|---|---|
| Business Logic | Workflow bypass, price manipulation, feature abuse |
| Race Conditions | TOCTOU, limit bypass, double-spend, parallel requests |
| Access Control | IDOR, horizontal/vertical privilege escalation, forced browsing |
| Cache Poisoning | Unkeyed headers/parameters, fat GET, response splitting |
| Cache Deception | Path confusion, static extension tricks, normalization |
| Info Disclosure | Error messages, debug endpoints, source code, metadata |
reference/business-logic*.md - Business logic testing techniquesreference/race-conditions*.md - Race condition exploitationreference/access-control*.md - Access control bypass methodsreference/web-cache-poisoning*.md - Cache poisoning techniquesreference/web-cache-deception*.md - Cache deception attacksreference/information-disclosure*.md - Information disclosure testing