Triage web application vulnerability findings from DAST/SAST scanners using OWASP risk rating methodology to separate true positives from false positives and prioritize remediation.
Works with
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versionperforming-web-application-vulnerability-triageExecute the skills CLI command in your project's root directory to begin installation:
Fetches performing-web-application-vulnerability-triage from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate performing-web-application-vulnerability-triage. Access via /performing-web-application-vulnerability-triage in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Automate repetitive workflows and reduce manual effort
Example
Generate reports, summarize documents, draft communications
Save 3-5 hours per week on routine tasks
Learn new skills, understand complex topics, get expert guidance
Example
Explain concepts, provide examples, suggest learning resources
Accelerate learning and skill development by 2x
Enhance output quality through reviews, suggestions, and refinements
Example
Review drafts, suggest improvements, catch errors
Improve work quality by 30-40% with less effort
0
total installs
0
this week
8.6K
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
8.6K
stars
| name | performing-web-application-vulnerability-triage |
| description | Triage web application vulnerability findings from DAST/SAST scanners using OWASP risk rating methodology to separate true positives from false positives and prioritize remediation. |
| domain | cybersecurity |
| subdomain | vulnerability-management |
| tags | - web-application - vulnerability-triage - owasp - dast - sast - burp-suite - zap - false-positive - risk-rating |
| version | '1.0' |
| author | mahipal |
| license | Apache-2.0 |
| nist_csf | - ID.RA-01 - ID.RA-02 - ID.IM-02 - ID.RA-06 |
Web application vulnerability triage is the process of reviewing findings from DAST (Dynamic Application Security Testing) and SAST (Static Application Security Testing) tools to validate true positives, dismiss false positives, assign risk ratings using the OWASP Risk Rating Methodology, and prioritize remediation. Effective triage reduces alert fatigue and focuses development teams on the vulnerabilities that matter most.
requests, beautifulsoup4Risk = Likelihood x Impact
| Factor Group | Factor | Description |
|---|---|---|
| Threat Agent | Skill Level | How technically skilled is the attacker? |
| Threat Agent | Motive | How motivated is the attacker? |
| Threat Agent | Opportunity | What resources/access are needed? |
| Threat Agent | Size | How large is the potential threat agent group? |
| Vulnerability | Ease of Discovery | How easy is it to find the vulnerability? |
| Vulnerability | Ease of Exploit | How easy is it to exploit? |
| Vulnerability | Awareness | How well known is the vulnerability? |
| Vulnerability | Intrusion Detection | How likely is exploitation to be detected? |
| Factor Group | Factor | Description |
|---|---|---|
| Technical | Confidentiality | How much data could be disclosed? |
| Technical | Integrity | How much data could be corrupted? |
| Technical | Availability | How much service could be lost? |
| Technical | Accountability | Can actions be traced to attacker? |
| Business | Financial Damage | Revenue loss, regulatory fines |
| Business | Reputation Damage | Brand trust erosion |
| Business | Non-compliance | Regulatory violation exposure |
| Business | Privacy Violation | PII/PHI exposure volume |
| Low Impact (0-3) | Medium Impact (3-6) | High Impact (6-9) | |
|---|---|---|---|
| High Likelihood (6-9) | Medium | High | Critical |
| Medium Likelihood (3-6) | Low | Medium | High |
| Low Likelihood (0-3) | Note | Low | Medium |
OWASP_TOP_10_2021 = {
"A01": "Broken Access Control",
"A02": "Cryptographic Failures",
"A03": "Injection",
"A04": "Insecure Design",
"A05": "Security Misconfiguration",
"A06": "Vulnerable and Outdated Components",
"A07": "Identification and Authentication Failures",
"A08": "Software and Data Integrity Failures",
"A09": "Security Logging and Monitoring Failures",
"A10": "Server-Side Request Forgery",
}
CWE_TO_OWASP = {
"CWE-79": "A03", # XSS -> Injection
"CWE-89": "A03", # SQL Injection
"CWE-78": "A03", # OS Command Injection
"CWE-352": "A01", # CSRF -> Access Control
"CWE-22": "A01", # Path Traversal
"CWE-200": "A02", # Information Exposure
"CWE-327": "A02", # Weak Cryptography
"CWE-287": "A07", # Authentication Issues
"CWE-918": "A10", # SSRF
"CWE-502": "A08", # Deserialization
"CWE-611": "A05", # XXE -> Misconfiguration
}
def triage_finding(finding):
"""Classify finding as true_positive, false_positive, or needs_review."""
fp_indicators = [
"Content-Security-Policy header not set", # Often informational
"X-Content-Type-Options header missing", # Low severity header
"Cookie without SameSite attribute", # Context dependent
]
for indicator in fp_indicators:
if indicator.lower() in finding.get("title", "").lower():
if finding.get("severity", "").lower() in ("info", "low"):
return "false_positive", "Common informational finding"
# Check for confirmed exploitation evidence
if finding.get("evidence") and finding.get("confidence", "").lower() == "certain":
return "true_positive", "Scanner confirmed exploitation"
# SAST findings need manual code review
if finding.get("source") == "sast":
if finding.get("cwe") in ["CWE-89", "CWE-78", "CWE-79"]:
return "needs_review", "Injection finding requires manual code review"
return "needs_review", "Requires manual validation"
def calculate_risk_score(finding, app_context):
"""Calculate OWASP risk rating for a web application finding."""
# Likelihood factors
likelihood = {
"skill_level": 6 if finding["cwe"] in ["CWE-89", "CWE-79"] else 4,
"motive": 7, # Financial gain
"opportunity": 7 if finding.get("authenticated") == False else 4,
"size": 9 if finding.get("internet_facing") else 4,
"ease_of_discovery": 8 if finding.get("scanner_detected") else 5,
"ease_of_exploit": 7 if finding.get("exploit_available") else 4,
"awareness": 6,
"intrusion_detection": 3 if app_context.get("waf_enabled") else 8,
}
# Impact factors
impact = {
"confidentiality": 9 if "data_exposure" in finding.get("tags", []) else 5,
"integrity": 9 if finding["cwe"] in ["CWE-89", "CWE-78"] else 4,
"availability": 7 if "dos" in finding.get("tags", []) else 2,
"accountability": 3 if app_context.get("logging_enabled") else 7,
"financial": 7 if app_context.get("processes_payments") else 3,
"reputation": 6 if app_context.get("customer_facing") else 2,
"compliance": 8 if app_context.get("pci_scope") else 3,
"privacy": 9 if app_context.get("handles_pii") else 2,
}
likelihood_score = sum(likelihood.values()) / len(likelihood)
impact_score = sum(impact.values()) / len(impact)
risk_score = likelihood_score * impact_score
if risk_score >= 42:
risk_level = "Critical"
elif risk_score >= 24:
risk_level = "High"
elif risk_score >= 12:
risk_level = "Medium"
elif risk_score >= 3:
risk_level = "Low"
else:
risk_level = "Note"
return {
"likelihood_score": round(likelihood_score, 1),
"impact_score": round(impact_score, 1),
"risk_score": round(risk_score, 1),
"risk_level": risk_level,
}
# Process DAST/SAST results through triage pipeline
python3 scripts/process.py \
--input zap_results.json \
--format zap \
--app-context app_config.json \
--output triage_report.json
# Test parameter with single quote
GET /search?q=test' HTTP/1.1
# Test with boolean-based payload
GET /search?q=test' AND 1=1-- HTTP/1.1
GET /search?q=test' AND 1=2-- HTTP/1.1
# Time-based verification
GET /search?q=test'; WAITFOR DELAY '0:0:5'-- HTTP/1.1
# Reflected XSS test
GET /search?q=<script>alert(document.domain)</script> HTTP/1.1
# Check if output is encoded
GET /search?q="><img src=x onerror=alert(1)> HTTP/1.1
# DOM-based XSS
GET /page#<img src=x onerror=alert(1)> HTTP/1.1
Prerequisites
Time Estimate
15-45 minutes depending on use case complexity
Steps
Common Pitfalls
✓ Do
✗ Don't
💡 Pro Tips
✓ Use when
Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement.
✗ Avoid when
Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion.
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
performing-web-application-vulnerability-triage reduced setup friction for our internal harness; good balance of opinion and flexibility.
I recommend performing-web-application-vulnerability-triage for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
We added performing-web-application-vulnerability-triage from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
Useful defaults in performing-web-application-vulnerability-triage — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
We added performing-web-application-vulnerability-triage from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
Keeps context tight: performing-web-application-vulnerability-triage is the kind of skill you can hand to a new teammate without a long onboarding doc.
I recommend performing-web-application-vulnerability-triage for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
performing-web-application-vulnerability-triage is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
Useful defaults in performing-web-application-vulnerability-triage — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
We added performing-web-application-vulnerability-triage from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
showing 1-10 of 60