
security-assessment
by spjoshis
Modular Claude plugins for agent-based expertise and reusable skills across software development and Agile. Easily extend, share, and automate best practices for modern development.
Stars: 1 · Forks: 0 · Updated: Dec 30, 2025
SKILL.md
name: security-assessment
description: Master security assessments with vulnerability scanning, penetration testing, security testing, and security audits.
# Security Assessment
Conduct comprehensive security assessments to identify vulnerabilities, test security controls, and improve security posture.
## When to Use This Skill
- Pre-release security testing
- Compliance audits
- Vulnerability management
- Security validation
- Third-party assessments
- Incident prevention
- Security baseline
- Continuous monitoring
## Core Concepts

### 1. Vulnerability Assessment
```markdown
## Vulnerability Scan Report
**Scan Date**: 2024-01-15
**Target**: web.example.com
**Tool**: Nessus

### Critical Vulnerabilities (2)
1. **CVE-2023-XXXXX**: SQL Injection in login form
   - CVSS: 9.8 (Critical)
   - Remediation: Update framework to v2.1.5
   - Priority: P0

2. **CVE-2023-YYYYY**: RCE in file upload
   - CVSS: 9.1 (Critical)
   - Remediation: Implement file type validation
   - Priority: P0

### High Vulnerabilities (5)
3. **Missing Security Headers**
   - Missing: CSP, X-Frame-Options, HSTS
   - CVSS: 7.5
   - Remediation: Configure headers in web server

4. **Weak TLS Configuration**
   - TLS 1.0/1.1 enabled
   - CVSS: 7.4
   - Remediation: Disable old TLS versions

### Remediation Plan
- Week 1: Fix critical issues (1, 2)
- Week 2: Fix high severity (3, 4, 5)
- Week 3: Rescan and verify
```
### 2. Security Test Plan
```markdown
# Security Test Plan: E-Commerce Application

## Scope
- Web application
- API endpoints
- Mobile apps (iOS/Android)

## Test Categories

### Authentication & Session Management
- [ ] Brute force protection
- [ ] Password complexity
- [ ] Session timeout
- [ ] Secure session tokens
- [ ] MFA implementation
- [ ] Password reset security

### Authorization
- [ ] Horizontal privilege escalation
- [ ] Vertical privilege escalation
- [ ] Insecure direct object references
- [ ] Missing function-level access control

### Input Validation
- [ ] SQL injection
- [ ] XSS (reflected, stored, DOM)
- [ ] Command injection
- [ ] Path traversal
- [ ] XXE

### Cryptography
- [ ] Sensitive data encryption (in transit)
- [ ] Sensitive data encryption (at rest)
- [ ] Weak cryptographic algorithms
- [ ] Insecure random number generation

### Business Logic
- [ ] Payment bypass
- [ ] Cart manipulation
- [ ] Price tampering
- [ ] Inventory manipulation

### API Security
- [ ] API authentication
- [ ] Rate limiting
- [ ] Input validation
- [ ] Error handling

## Test Approach
1. Automated scanning (OWASP ZAP)
2. Manual testing (Burp Suite)
3. Code review (key areas)
4. Configuration review
```
## Best Practices
- Get permission: obtain authorization before testing
- Define scope: set clear boundaries
- Use multiple methods: combine automated and manual testing
- Document findings: keep them clear and reproducible
- Prioritize by risk: CVSS plus business impact
- Verify fixes: retest after remediation
- Safe testing: avoid service disruption
- Continuous assessment: scan regularly
## Resources
- OWASP Testing Guide: Comprehensive testing methodology
- Burp Suite: Web security testing tool
- OWASP ZAP: Free security scanner
Score
Total Score: 60/100
Based on repository quality metrics
- ✓ SKILL.md: a SKILL.md file is included (+20)
- ○ LICENSE: a license is set (0/10)
- ✓ Description: has a description of 100 or more characters (+10)
- ○ Popularity: 100 or more GitHub stars (0/15)
- ✓ Recent activity: updated within the last 3 months (+5)
- ○ Forks: forked 10 or more times (0/5)
- ✓ Issue management: fewer than 50 open issues (+5)
- ○ Language: a programming language is set (0/5)
- ✓ Tags: at least one tag is set (+5)
