owasp▌
41 indexed skills · max 10 per page
testing-for-open-redirect-vulnerabilities
mukul975/Anthropic-Cybersecurity-Skills · testing-for-open-redirect-vulnerabilities
Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters, bypass techniques, and exploitation chains for phishing and token theft.
testing-api-security-with-owasp-top-10
mukul975/Anthropic-Cybersecurity-Skills · testing-api-security-with-owasp-top-10
Systematically assessing REST and GraphQL API endpoints against the OWASP API Security Top 10 risks using automated and manual testing techniques.
performing-directory-traversal-testing
mukul975/Anthropic-Cybersecurity-Skills · performing-directory-traversal-testing
Testing web applications for path traversal vulnerabilities that allow reading or writing arbitrary files on the server by manipulating file path parameters.
exploiting-excessive-data-exposure-in-api
mukul975/Anthropic-Cybersecurity-Skills · exploiting-excessive-data-exposure-in-api
Tests APIs for excessive data exposure where endpoints return more data than the client application needs, relying on the frontend to filter sensitive fields. The tester intercepts API responses and analyzes them for leaked PII, internal identifiers, debug information, or sensitive business data that the UI does not display but the API transmits. This maps to OWASP API3:2023 Broken Object Property Level Authorization. Activates for requests involving API data leakage testing, excessive data exposure, response filtering bypass, or API over-fetching.
testing-cors-misconfiguration
mukul975/Anthropic-Cybersecurity-Skills · testing-cors-misconfiguration
Identifying and exploiting Cross-Origin Resource Sharing misconfigurations that allow unauthorized cross-domain data access and credential theft during security assessments.
bypassing-authentication-with-forced-browsing
mukul975/Anthropic-Cybersecurity-Skills · bypassing-authentication-with-forced-browsing
Discovering and accessing unprotected pages, APIs, and administrative interfaces by enumerating URLs and bypassing authentication controls during authorized security assessments.
testing-for-sensitive-data-exposure
mukul975/Anthropic-Cybersecurity-Skills · testing-for-sensitive-data-exposure
Identifying sensitive data exposure vulnerabilities including API key leakage, PII in responses, insecure storage, and unprotected data transmission during security assessments.
exploiting-sql-injection-with-sqlmap
mukul975/Anthropic-Cybersecurity-Skills · exploiting-sql-injection-with-sqlmap
Detecting and exploiting SQL injection vulnerabilities using sqlmap to extract database contents during authorized penetration tests.
testing-for-xss-vulnerabilities-with-burpsuite
mukul975/Anthropic-Cybersecurity-Skills · testing-for-xss-vulnerabilities-with-burpsuite
Identifying and validating cross-site scripting vulnerabilities using Burp Suite's scanner, intruder, and repeater tools during authorized security assessments.
exploiting-server-side-request-forgery
mukul975/Anthropic-Cybersecurity-Skills · exploiting-server-side-request-forgery
Identifying and exploiting SSRF vulnerabilities to access internal services, cloud metadata, and restricted network resources during authorized penetration tests.