owasp-top-10

SKILL.md

Expert guidance for identifying, preventing, and remediating OWASP Top 10 web application security risks.

Covers all 10 critical vulnerabilities ranked by severity, including broken access control, cryptographic failures, injection, insecure design, and security misconfiguration

Provides detailed reference files for each vulnerability category with vulnerable and secure code patterns, detection methods, and remediation strategies

Includes a structured security audit workflow covering scope identification, code analysis, finding documentation, and verification testing

Outlines core security principles (defense in depth, secure by default, input validation) and documents eight common implementation mistakes

References industry-standard testing tools (SAST, DAST, SCA, secrets scanning) and links to OWASP resources, NIST frameworks, and vulnerability databases

OWASP Top 10 Security Vulnerabilities

Expert guidance for identifying, preventing, and remediating the most critical web application security risks based on OWASP Top 10 2021.

When to Use This Skill

Conducting security audits and code reviews

Implementing secure coding practices in new features

Reviewing authentication and authorization systems

Assessing input validation and sanitization

Evaluating third-party dependencies for vulnerabilities

Designing security controls and defense-in-depth strategies

Preparing for security certifications or compliance audits

Investigating security incidents or suspicious behavior

OWASP Top 10 2021 Overview

Ranked by Risk Severity: