web-app-security-audit
Web Application Security Audit
Overview
A structured penetration testing methodology based on The Web Application Hacker's Handbook. Guides you through 10 sequential phases to systematically identify vulnerabilities in any web application you're building or reviewing.
When to Use
- Before deploying a web application to production
- When adding authentication, payment processing, or user-facing features
- During periodic security reviews
- After integrating third-party services or APIs
- When you suspect a specific vulnerability class but want comprehensive coverage
When NOT to Use
- Against applications you don't own or have authorization to test
- As a replacement for professional penetration testing on critical systems
- For network-level security (this is application-layer focused)
More from ahmedhamadto/software-forge
ux-usability-review
Use when reviewing any interface for usability — walks through Krug's principles from Don't Make Me Think covering cognitive load, scanning, navigation, homepage clarity, mobile usability, accessibility, and the goodwill reservoir.
27ui-polish-review
Use when reviewing any web or app interface for visual quality — walks through Refactoring UI principles covering hierarchy, spacing, typography, color, depth, images, and finishing touches to elevate design from amateur to professional.
19voice-agent-prompt
Engineer system prompts for LiveKit voice agents with multilingual support. Use when creating or optimizing AI agent conversation flows.
15systematic-debugging
Use when encountering any bug, test failure, or unexpected behavior, before proposing fixes
12subagent-driven-development
Use when executing implementation plans with independent tasks in the current session
11verification-before-completion
Use when about to claim work is complete, fixed, or passing, before committing or creating PRs - requires running verification commands and confirming output before making any success claims; evidence before assertions always
11