israeli-appsec-scanner
Israeli AppSec Scanner
Security scanning and compliance guidance tailored for Israeli web applications. This skill covers the full spectrum of application security, from OWASP Top 10 verification to Israeli Privacy Protection Authority (PPA) compliance, with special attention to Hebrew/RTL-specific attack vectors.
OWASP Top 10 Checklist (Israeli Context)
Work through each category systematically. For each finding, note the severity (Critical/High/Medium/Low) and provide a remediation recommendation.
A01: Broken Access Control
- Verify all API endpoints enforce authentication (check Next.js middleware, NestJS guards)
- Confirm role-based access control covers admin, user, and anonymous roles
- Test that Hebrew URL paths cannot bypass route-based authorization
- Check for Insecure Direct Object References (IDOR) on user-facing resources
- Verify CORS configuration restricts origins to expected Israeli domains
- Ensure JWT tokens are validated server-side, not just client-side
- Test directory traversal with Hebrew-encoded path segments (percent-encoded UTF-8 such as %D7%90 for א, including encoded and double-encoded dot-segments)
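As an added example that is not part of the original skill, the following TypeScript shows a path-canonicalization step that route-based authorization can run before matching protected prefixes, so percent-encoded Hebrew segments, encoded dot-segments and double encoding are all resolved (or rejected) before the check. The protected prefixes, the Hebrew route name and the function names are assumptions for illustration, not taken from the page.

```typescript
// Added example, not the skill's own code. Canonicalize a request path before
// route-based authorization so that percent-encoded Hebrew segments, encoded
// dot-segments ("%2e%2e") and double encoding cannot sidestep a prefix check.
// The protected prefixes are assumed for illustration: "/admin" and "/ניהול"
// ("management"), which a client may also send as /%D7%A0%D7%99%D7%94%D7%95%D7%9C.
const PROTECTED_PREFIXES = ["/admin", "/ניהול"];

// Returns the canonical path, or null when the path is malformed or suspicious.
// Callers are expected to fail closed on null.
function canonicalizePath(rawPath: string): string | null {
  let decoded = "";
  try {
    decoded = decodeURIComponent(rawPath); // exactly one decoding pass
  } catch {
    return null; // truncated or invalid percent-encoding, or invalid UTF-8
  }
  // A '%' surviving one pass means double encoding (e.g. %25D7%2590 -> %D7%90).
  if (decoded.includes("%")) return null;
  // Reject NUL bytes and backslashes, which some routers treat as separators.
  if (/[\0\\]/.test(decoded)) return null;
  // Bring variant spellings of the same Hebrew letters (precomposed presentation
  // forms vs base letter plus combining mark) to one normal form before comparing.
  decoded = decoded.normalize("NFC");
  // Resolve dot-segments. %2F was decoded above, so an encoded slash counts as a
  // separator, which is the conservative reading for authorization purposes.
  const out: string[] = [];
  for (const seg of decoded.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      if (out.length === 0) return null; // attempted escape above the root
      out.pop();
      continue;
    }
    out.push(seg);
  }
  return "/" + out.join("/");
}

// Route-based authorization decision: does this request need the admin role?
// Prefix matching is done on segment boundaries so "/administrator" is not "/admin".
function requiresAdmin(rawPath: string): boolean {
  const p = canonicalizePath(rawPath);
  if (p === null) return true; // fail closed on anything that could not be canonicalized
  return PROTECTED_PREFIXES.some((pre) => p === pre || p.startsWith(pre + "/"));
}
```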
A02: Cryptographic Failures