performing-security-testing
Security Test Scanner
Overview
Automate security vulnerability detection covering OWASP Top 10 categories including SQL injection, XSS, CSRF, broken authentication, and sensitive data exposure. Combines static analysis (source code scanning with Semgrep, Bandit, ESLint security plugins) with dynamic testing patterns (input fuzzing, header validation, authentication bypass checks).
Prerequisites
- Static analysis tools installed (Semgrep, ESLint with eslint-plugin-security, Bandit for Python, or SpotBugs for Java)
- Application running in a test environment (never scan production without explicit authorization)
- Written authorization to perform security testing on the target system
- `npm audit`, `pip-audit`, or `trivy` for dependency vulnerability scanning
- OWASP ZAP or Burp Suite for dynamic application security testing (optional)
Instructions
- Run dependency vulnerability scanning to identify known CVEs:
  - Execute `npm audit --json`, `pip-audit --format json`, or `trivy fs .`.
  - Parse results and flag critical/high severity vulnerabilities.
  - Check if vulnerable dependencies have available patches.
- Execute
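The dependency-scanning step above (run the scanner, flag critical/high, check for patches) is usually wired into CI as a small triage script. The following is an added example and not part of the skill: it parses the JSON that `npm audit --json` (auditReportVersion 2) and `pip-audit --format json` emit, sorts findings into block / fixable / no-fix buckets, and handles two details the step glosses over. npm marks transitive hits with bare package names in `via` and reports the fix as either a boolean or an object (with `isSemVerMajor` when the fix is a breaking upgrade); pip-audit reports no severity at all, so its findings are marked `unknown` and kept in the blocking bucket rather than silently passing a critical/high filter. The two sample reports are constructed, and their advisory IDs and URLs are placeholders, not real advisories.

```python
"""Triage `npm audit --json` and `pip-audit --format json` output.

Added example, not part of the skill: parses both scanners' JSON, keeps
critical/high findings, and records whether an upstream fix exists.
The sample reports below are constructed; advisory IDs/URLs are placeholders.
"""
import json
from dataclasses import dataclass
from typing import Optional

# Constructed `npm audit --json` (auditReportVersion 2) report.
# `via` holds advisory objects for direct hits and bare package names for
# transitive ones; `fixAvailable` is true/false or an object naming the
# version to upgrade to (isSemVerMajor means the fix is a breaking upgrade).
NPM_AUDIT_SAMPLE = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {
        "example-parser": {
            "name": "example-parser", "severity": "critical", "isDirect": True,
            "via": [{"source": 1, "name": "example-parser", "title": "Example RCE",
                     "url": "https://example.invalid/advisory/EX-0001",
                     "severity": "critical", "range": "<2.0.0"}],
            "range": "<2.0.0",
            "fixAvailable": {"name": "example-parser", "version": "2.0.1", "isSemVerMajor": True},
        },
        "example-utils": {
            "name": "example-utils", "severity": "moderate", "isDirect": False,
            "via": ["example-parser"], "range": "*", "fixAvailable": False,
        },
        "example-logger": {
            "name": "example-logger", "severity": "high", "isDirect": True,
            "via": [{"source": 2, "name": "example-logger", "title": "Example log injection",
                     "url": "https://example.invalid/advisory/EX-0002",
                     "severity": "high", "range": "<1.4.0"}],
            "range": "<1.4.0", "fixAvailable": False,
        },
    },
})

# Constructed `pip-audit --format json` report. pip-audit reports no severity,
# only the advisory id, aliases and fix_versions.
PIP_AUDIT_SAMPLE = json.dumps({
    "dependencies": [
        {"name": "example-http", "version": "1.0.0",
         "vulns": [{"id": "EX-0003", "fix_versions": ["1.0.5"], "aliases": [],
                    "description": "Example TLS verification bypass"}]},
        {"name": "example-safe", "version": "3.2.0", "vulns": []},
    ],
    "fixes": [],
})

BLOCKING = {"critical", "high"}


@dataclass(frozen=True)
class Finding:
    ecosystem: str
    package: str
    severity: str            # npm: info/low/moderate/high/critical; pip-audit: "unknown"
    advisory: str
    fix_available: bool
    fix_version: Optional[str]


def parse_npm_audit(text: str) -> list:
    report = json.loads(text)
    findings = []
    for name, vuln in report.get("vulnerabilities", {}).items():
        via = vuln.get("via", [])
        urls = [v.get("url", "") for v in via if isinstance(v, dict)]
        parents = [v for v in via if isinstance(v, str)]
        advisory = ", ".join(urls) if urls else "transitive via " + ", ".join(parents)
        fix = vuln.get("fixAvailable", False)
        fix_version = fix.get("version") if isinstance(fix, dict) else None
        findings.append(Finding("npm", name, vuln.get("severity", "unknown"),
                                advisory, bool(fix), fix_version))
    return findings


def parse_pip_audit(text: str) -> list:
    report = json.loads(text)
    findings = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulns", []):
            fixes = vuln.get("fix_versions", [])
            findings.append(Finding("pypi", f"{dep['name']}=={dep['version']}", "unknown",
                                    vuln["id"], bool(fixes), fixes[0] if fixes else None))
    return findings


def triage(findings: list) -> dict:
    """Buckets matching the skill's steps: block on critical/high (unknown severity
    is blocked too, so it gets a human decision instead of silently passing),
    then split blockers by whether a patched version exists."""
    block = [f for f in findings if f.severity in BLOCKING or f.severity == "unknown"]
    return {
        "block": block,
        "fixable": [f for f in block if f.fix_available],
        "no_fix": [f for f in block if not f.fix_available],
    }


def run() -> dict:
    return triage(parse_npm_audit(NPM_AUDIT_SAMPLE) + parse_pip_audit(PIP_AUDIT_SAMPLE))


if __name__ == "__main__":
    for bucket, items in run().items():
        print(bucket)
        for f in items:
            print(f"  [{f.ecosystem}] {f.package} severity={f.severity} "
                  f"fix={f.fix_version or f.fix_available} {f.advisory}")
```

In a real pipeline the sample strings are replaced by the scanners' stdout, and the `no_fix` bucket is the one that needs a documented mitigation or a time-boxed exception rather than an upgrade. If the pip-audit findings need real severities, enrich them from the advisory source (for example the OSV record for the id) before filtering.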
Related skills