From secure-development
Check application against OWASP Top 10 and identify gaps in critical security controls.
How this command is triggered — by the user, by Claude, or both
Slash command
/secure-development:check-owasp application name or codebase
The summary Claude sees in its command listing — used to decide when to auto-load this command
# Check OWASP Command

Chain these steps:
1. Use `owasp-top-ten-check` to assess all 10 OWASP risk categories
2. Use `input-validation-patterns` to verify A03 (Injection) controls
3. Use `output-encoding` to verify A07 (XSS) controls
4. Use `authentication-design` to verify A07 (Authentication Failures)
5. Use `authorization-design` to verify A01 (Broken Access Control)
6. Use `cryptography-selection` to verify A02 (Cryptographic Failures)

Deliverables:
- OWASP Top 10 assessment matrix showing compliance per risk
- Prioritized list of gaps (A01-A10) with business impact
- Remediation roa...
Chain these steps:
1. `owasp-top-ten-check` to assess all 10 OWASP risk categories
2. `input-validation-patterns` to verify A03 (Injection) controls
3. `output-encoding` to verify A07 (XSS) controls
4. `authentication-design` to verify A07 (Authentication Failures)
5. `authorization-design` to verify A01 (Broken Access Control)
6. `cryptography-selection` to verify A02 (Cryptographic Failures)

Deliverables:
After completion, suggest follow-up commands: review-security, scan-dependencies.
npx claudepluginhub sethdford/claude-skills --plugin security-secure-development

/owasp-check: Performs a systematic OWASP Top 10 (2021) security review on the codebase or a specified component, assessing each category with findings and remediation advice.
/check-owasp: Scans the current codebase for OWASP Top 10 vulnerabilities including injection, broken access control, and cryptographic failures, then outputs a security assessment with remediation advice.
/security: Conducts security reviews of apps, APIs, scripts, and configs using OWASP Top 10 best practices and threat modeling; detects vulnerabilities and suggests fixes.
/security-audit: Performs security vulnerability assessment covering authentication, authorization, input validation, and infrastructure, producing phased reports and remediation plans.
/secure: Performs security audit using STRIDE threat modeling, OWASP Top 10, and red-team personas. Generates report with findings, severity ratings, remediations, verdict, and commit. Supports optional modes like --quick and --fix.