Owasp

A comprehensive security review skill that provides checklists and code examples for secure coding practices. It covers secrets management, input validation, SQL injection prevention, XSS/CSRF protection, authentication, rate limiting, cloud IAM, logging, CI/CD pipeline security, and disaster recovery. This is purely educational documentation with no executable code.

A comprehensive security reference skill that provides OWASP security patterns, secrets management best practices, and automated security testing workflows. It includes code examples for input validation, authentication, JWT handling, password hashing, and security headers, along with GitHub Actions templates for CI/CD security scanning.

A comprehensive security threat modeling skill that analyzes codebases using STRIDE methodology across 8 phases. It generates data flow diagrams, identifies threats with CWE/CAPEC/ATT&CK mappings, validates risks with POC designs, and produces detailed security assessment reports. Supports AI/LLM security, multi-cloud environments, and includes a knowledge base of 974 CWEs, 615 attack patterns, and 323K+ CVEs.