security-audit

SKILL.md

Security audits, vulnerability assessment, and secure coding patterns aligned with OWASP.

| A01 | Broken Access Control | Unauthorized access to resources | | A02 | Cryptographic Failures | Weak encryption, exposed secrets | | A03 | Injection | SQL, NoSQL, OS, LDAP injection | | A04 | Insecure Design | Missing security controls by design | | A05 | Security Misconfiguration | Default configs, verbose errors |

| A06 | Vulnerable Components | Outdated libraries with CVEs | | A07 | Auth Failures | Broken authentication/session | | A08 | Data Integrity Failures | Insecure deserialization, CI/CD | | A09 | Logging Failures | Missing audit logs, monitoring | | A10 | SSRF | Server-side request forgery |

Modèles d'audit de sécurité pour PHP/OWASP. À utiliser lors de la réalisation d'évaluations de sécurité, d'identification de vulnérabilités (XXE, injection SQL, XSS) ou de notation CVSS. Source : dirnbauer/webconsulting-skills.

Voir l'original