test-security_skill

This skill helps you design comprehensive security tests for authentication, authorization, and data protection to prevent breaches.
  • Shell

0

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill shotaiuchi/dotclaude --skill test-security

  • SKILL.md2.1 KB

Overview

This skill helps you design and generate security test plans focused on authentication, authorization, input validation, injection prevention, CSRF protection, and data encryption. It produces prioritized, actionable test cases and a concise report format to guide implementation. Use it to ensure critical protections are covered and to communicate testing priorities to engineers and QA.

How this skill works

The skill inspects common security areas and converts them into concrete test scenarios with priority ratings (Must, Should, Could, Won't). It outlines checks for login flows, token management, role boundaries, injection vectors, data-at-rest and in-transit protections, and security headers. The output is a structured test plan that teams can execute or translate into automated test scripts.

When to use it

  • Before a release that changes auth, session, or token handling
  • When adding or modifying role-based access controls or permissions
  • During security sprints or threat modeling to create test coverage
  • When validating data protection after storage or transport changes
  • While hardening APIs and web apps against injection and XSS

Best practices

  • Prioritize 'Must' tests to block authentication bypass and data exposure first
  • Validate authorization at the API layer, not solely in UI checks
  • Use parameterized queries and input sanitization for all data touchpoints
  • Include automated regression tests for token expiration, revocation, and MFA
  • Mask or redact sensitive values in logs, exports, and error messages

Example use cases

  • Create a test suite that verifies login success/failure, token refresh, and session invalidation with 'Must' priority
  • Validate role enforcement by testing horizontal and vertical privilege escalation attempts ('Should')
  • Run injection tests (SQL, XSS, command, path traversal) and mark defense-in-depth checks as 'Could'
  • Confirm encryption at rest and in transit, CORS/CSP headers, and secure deletion workflows
  • Produce a concise test report mapping each scenario to Must/Should/Could/Won't priorities for stakeholders

FAQ

Priorities map to risk and impact: Must for authentication/data exposure, Should for authorization boundaries, Could for secondary defenses, and Won't for theoretical physical or insider-only attacks.

Can these tests be automated?

Yes. Most scenarios translate to automated API or end-to-end tests; token/session flows, injection payloads, and header checks are commonly scripted.

What areas should be tested first?

Start with authentication, session/token handling, and any endpoints that expose sensitive data; these are high-impact 'Must' items.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational