Skill

dast-test-plan

Design and execute Dynamic Application Security Testing (DAST) test plans to find runtime vulnerabilities in web applications.

From application-security

Install

Run in your terminal

npx claudepluginhub sethdford/claude-skills --plugin security-application-security

Tool Access

This skill uses the workspace's default tool permissions.

Skill Content

Similar Skills

agent-harness-construction

Designs and optimizes AI agent action spaces, tool definitions, observation formats, error recovery, and context for higher task completion rates.

ecc

140.7k

agent-payment-x402

Enables AI agents to execute x402 payments with per-task budgets, spending controls, and non-custodial wallets via MCP tools. Use when agents pay for APIs, services, or other agents.

ecc

140.7k

agent-eval

Compares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.

ecc

140.7k

Stats

Parent Repo Stars3

Parent Repo Forks0

Last CommitMar 11, 2026

Actions

View Source View Plugin View on GitHub View README

Domain Context

DAST Tools: Burp Suite, OWASP ZAP, Acunetix, Fortify WebInspect, Rapid7 InsightAppSec, Stackhawk

Attack Surface: HTTP/HTTPS endpoints, APIs, authentication flows, session management, file uploads, redirects

Vulnerability Types: SQL injection, XSS, CSRF, broken authentication, authorization flaws, business logic bugs

Environment Requirements: Disposable test environment (staging or isolated), test data cleanup, approval for security testing

Instructions

Scope Definition:

Identify all endpoints/workflows to test (authentication flows, user interactions, admin functions)
Define out-of-scope areas (payment processing, customer PII) to avoid
Create test user accounts and test data
Document baseline application behavior (what is "normal"?)

Configure DAST Tool:

Select DAST tool based on application tech stack (Burp for web, ZAP for open-source, Acunetix for enterprise)
Configure authentication (provide credentials so scanner can test authenticated endpoints)
Set crawl depth and request throttling (avoid DoS-like behavior)
Configure SSL/TLS certificate handling for test environment

Execute Scan:

Run baseline crawl to map application attack surface
Run active scanning with payloads (SQLi, XSS, command injection, etc.)
Test specific workflows: login flow, privilege escalation, file upload, API calls
Verify application responds correctly to malicious input (errors, logs, etc.)

Analyze Results:

Review all findings; categorize by severity and accuracy
Verify true positives (is the vulnerability real or false positive?)
Check for missed coverage (endpoints not scanned, authentication bypass bypassed?)
Correlate DAST findings with SAST results

Report & Remediate:

Document reproducible steps for each vulnerability
Assign to development team with remediation SLA
Verify fixes in retesting
Track metrics: total vulnerabilities, time-to-remediation, repeat findings

Anti-Patterns

Running DAST on production without approval or safeguards; always test on staging or isolated environment

Scanning without proper authentication context; many vulnerabilities only surface when authenticated

Ignoring false positives and false negatives; manual verification is essential; DAST has blind spots (business logic bugs)

Testing at too-high throttle (making application unavailable); coordinate with ops; use conservative settings

Not cleaning up test data; test accounts and data should be removed after scanning

Domain Context

DAST Tools: Burp Suite, OWASP ZAP, Acunetix, Fortify WebInspect, Rapid7 InsightAppSec, Stackhawk

Attack Surface: HTTP/HTTPS endpoints, APIs, authentication flows, session management, file uploads, redirects

Vulnerability Types: SQL injection, XSS, CSRF, broken authentication, authorization flaws, business logic bugs

Environment Requirements: Disposable test environment (staging or isolated), test data cleanup, approval for security testing

Instructions

Scope Definition:

Identify all endpoints/workflows to test (authentication flows, user interactions, admin functions)
Define out-of-scope areas (payment processing, customer PII) to avoid
Create test user accounts and test data
Document baseline application behavior (what is "normal"?)

Configure DAST Tool:

Select DAST tool based on application tech stack (Burp for web, ZAP for open-source, Acunetix for enterprise)
Configure authentication (provide credentials so scanner can test authenticated endpoints)
Set crawl depth and request throttling (avoid DoS-like behavior)
Configure SSL/TLS certificate handling for test environment

Execute Scan:

Run baseline crawl to map application attack surface
Run active scanning with payloads (SQLi, XSS, command injection, etc.)
Test specific workflows: login flow, privilege escalation, file upload, API calls
Verify application responds correctly to malicious input (errors, logs, etc.)

Analyze Results:

Review all findings; categorize by severity and accuracy
Verify true positives (is the vulnerability real or false positive?)
Check for missed coverage (endpoints not scanned, authentication bypass bypassed?)
Correlate DAST findings with SAST results

Report & Remediate:

Document reproducible steps for each vulnerability
Assign to development team with remediation SLA
Verify fixes in retesting
Track metrics: total vulnerabilities, time-to-remediation, repeat findings

Anti-Patterns

Running DAST on production without approval or safeguards; always test on staging or isolated environment

Scanning without proper authentication context; many vulnerabilities only surface when authenticated

Ignoring false positives and false negatives; manual verification is essential; DAST has blind spots (business logic bugs)

Testing at too-high throttle (making application unavailable); coordinate with ops; use conservative settings

Not cleaning up test data; test accounts and data should be removed after scanning

dast-test-plan

dast-test-plan

DAST Test Plan

Context

Domain Context

Instructions

Anti-Patterns

Further Reading

DAST Test Plan

Context

Domain Context

Instructions

Anti-Patterns

Further Reading