
web-security-testing


Web application security testing workflow for OWASP Top 10 vulnerabilities including injection, XSS, authentication flaws, and access control issues.

Works with OpenClaude

Overview

Specialized workflow for testing web applications against OWASP Top 10 vulnerabilities including injection attacks, XSS, broken authentication, and access control issues.

When to Use This Workflow

Use this workflow when:

  • Testing web application security
  • Performing OWASP Top 10 assessment
  • Conducting penetration tests
  • Validating security controls
  • Bug bounty hunting

Workflow Phases

Phase 1: Reconnaissance

Skills to Invoke

  • scanning-tools - Security scanning
  • top-web-vulnerabilities - OWASP knowledge

Actions

  1. Map application surface
  2. Identify technologies
  3. Discover endpoints
  4. Find subdomains
  5. Document findings

Copy-Paste Prompts

Use @scanning-tools to perform web application reconnaissance

Phase 2: Injection Testing

Skills to Invoke

  • sql-injection-testing - SQL injection
  • sqlmap-database-pentesting - SQLMap

Actions

  1. Test SQL injection
  2. Test NoSQL injection
  3. Test command injection
  4. Test LDAP injection
  5. Document vulnerabilities

Copy-Paste Prompts

Use @sql-injection-testing to test for SQL injection
Use @sqlmap-database-pentesting to automate SQL injection testing

Phase 3: XSS Testing

Skills to Invoke

  • xss-html-injection - XSS testing
  • html-injection-testing - HTML injection

Actions

  1. Test reflected XSS
  2. Test stored XSS
  3. Test DOM-based XSS
  4. Test XSS filters
  5. Document findings

Copy-Paste Prompts

Use @xss-html-injection to test for cross-site scripting

Phase 4: Authentication Testing

Skills to Invoke

  • broken-authentication - Authentication testing

Actions

  1. Test credential stuffing
  2. Test brute force protection
  3. Test session management
  4. Test password policies
  5. Test MFA implementation

Copy-Paste Prompts

Use @broken-authentication to test authentication security

Phase 5: Access Control Testing

Skills to Invoke

  • idor-testing - IDOR testing
  • file-path-traversal - Path traversal

Actions

  1. Test vertical privilege escalation
  2. Test horizontal privilege escalation
  3. Test IDOR vulnerabilities
  4. Test directory traversal
  5. Test unauthorized access

Copy-Paste Prompts

Use @idor-testing to test for insecure direct object references
Use @file-path-traversal to test for path traversal

Phase 6: Security Headers

Skills to Invoke

  • api-security-best-practices - Security headers

Actions

  1. Check CSP implementation
  2. Verify HSTS configuration
  3. Test X-Frame-Options
  4. Check X-Content-Type-Options
  5. Verify referrer policy

Copy-Paste Prompts

Use @api-security-best-practices to audit security headers

Phase 7: Reporting

Skills to Invoke

  • reporting-standards - Security reporting

Actions

  1. Document vulnerabilities
  2. Assess risk levels
  3. Provide remediation
  4. Create proof of concept
  5. Generate report

Copy-Paste Prompts

Use @reporting-standards to create security report

OWASP Top 10 Checklist

  • A01: Broken Access Control
  • A02: Cryptographic Failures
  • A03: Injection
  • A04: Insecure Design
  • A05: Security Misconfiguration
  • A06: Vulnerable Components
  • A07: Authentication Failures
  • A08: Software/Data Integrity
  • A09: Logging/Monitoring
  • A10: SSRF

Quality Gates

  • All OWASP Top 10 tested
  • Vulnerabilities documented
  • Proofs of concept captured
  • Remediation provided
  • Report generated

Related Workflow Bundles

  • security-audit - Security auditing
  • api-security-testing - API security
  • wordpress-security - WordPress security

Quick Info

Difficulty: intermediate
Version: 1.0.0
Author: antigravity
community antigravity
