owasp-top-10
Expert guidance for identifying, preventing, and remediating OWASP Top 10 web application security risks.
- Covers all 10 risk categories, ranked by severity, including broken access control, cryptographic failures, injection, insecure design, and security misconfiguration
- Provides detailed reference files for each vulnerability category with vulnerable and secure code patterns, detection methods, and remediation strategies
- Includes a structured security audit workflow covering scope identification, code analysis, finding documentation, and verification testing
- Outlines core security principles (defense in depth, secure by default, input validation) and documents eight common implementation mistakes
- References industry-standard testing tools (SAST, DAST, SCA, secrets scanning) and links to OWASP resources, NIST frameworks, and vulnerability databases
OWASP Top 10 Security Vulnerabilities
Expert guidance for identifying, preventing, and remediating the most critical web application security risks based on OWASP Top 10 2021.
When to Use This Skill
- Conducting security audits and code reviews
- Implementing secure coding practices in new features
- Reviewing authentication and authorization systems
- Assessing input validation and sanitization
- Evaluating third-party dependencies for vulnerabilities
- Designing security controls and defense-in-depth strategies
- Preparing for security certifications or compliance audits
- Investigating security incidents or suspicious behavior
OWASP Top 10 2021 Overview
Ranked by Risk Severity:
More from nickcrew/claude-ctx-plugin