Audits web app session management for vulnerabilities including fixation, ID generation, expiration, cookie attributes, storage, and invalidation.
npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin session-security-checker

This skill is limited to using the following tools:
Audit session management implementations in web applications to identify vulnerabilities including session fixation (CWE-384), insufficient session expiration (CWE-613), and cleartext transmission of session tokens (CWE-319).
Inputs: session configuration files (e.g. ${CLAUDE_SKILL_DIR}/session.config.*, settings.py, application.yml). Reports are written under ${CLAUDE_SKILL_DIR}/security-reports/.

Search **/auth/**, **/session/**, **/middleware/**, and framework-specific files (settings.py, application.yml, web.config).

- Session ID generation: flag IDs derived from Date.now(), Math.random(), sequential IDs, or timestamp-based tokens (CWE-330).
- Session fixation: confirm the session ID is regenerated on authentication (req.session.regenerate() in Express, request.session.cycle_key() in Django). Flag any login handler that sets authenticated = true without regenerating the session ID.
- Cookie attributes: check HttpOnly (prevents XSS-based token theft), Secure (HTTPS-only transmission), SameSite=Lax|Strict (CSRF mitigation), and __Host-/__Secure- prefix usage. Flag any missing attribute.
- Report: write ${CLAUDE_SKILL_DIR}/security-reports/session-security-YYYYMMDD.md with per-finding severity, CWE mapping, vulnerable code snippet, and remediated code example.

See ${CLAUDE_SKILL_DIR}/references/implementation.md for the detailed implementation guide. See ${CLAUDE_SKILL_DIR}/references/critical-findings.md for example vulnerability patterns with before/after code.
Output: ${CLAUDE_SKILL_DIR}/security-reports/session-security-YYYYMMDD.md with findings by severity

| Error | Cause | Solution |
|---|---|---|
| No session handling code found in ${CLAUDE_SKILL_DIR}/ | Unusual file structure or framework | Search for framework-specific patterns; request explicit file paths |
| Unknown session framework | Custom or uncommon session library | Apply fundamental session security principles; note limited framework-specific guidance |
| Cannot analyze minified/compiled code | Production bundles instead of source | Request unminified source code; document limitation |
| Non-standard session implementation | Custom session management bypassing framework | Apply extra scrutiny; custom implementations are higher risk (CWE-384, CWE-613) |
| Session config in environment variables, not code | Externalized configuration | Request .env.example or deployment config documentation |
${CLAUDE_SKILL_DIR}/references/critical-findings.md -- example vulnerability patterns
${CLAUDE_SKILL_DIR}/references/errors.md -- full error handling reference