ClaudeWave
Skill · 440 repo stars · updated 1mo ago

owasp-top-10

This Claude Code skill provides a structured checklist for security audits based on OWASP Top 10 vulnerabilities, including broken access control, cryptographic failures, injection, insecure design, and related categories. Use it when reviewing application code, configurations, and deployment environments to identify security weaknesses, explain concrete risks with supporting evidence, and recommend targeted remediation steps.

Install in Claude Code
```shell
# mkdir -p added: cp fails if ~/.claude/skills does not exist yet. This clones the default branch of the whole sandstorm repo and copies only the skill subdirectory; pin a commit or tag if you need a reproducible install.
mkdir -p ~/.claude/skills && git clone --depth 1 https://github.com/tomascupr/sandstorm /tmp/owasp-top-10 && cp -r /tmp/owasp-top-10/src/sandstorm/starters/security-audit/claude-skills/owasp-top-10 ~/.claude/skills/owasp-top-10
```
Then start a new Claude Code session; the skill loads automatically.

SKILL.md

# OWASP Top 10 Review Checklist

Use this checklist when auditing application code, configuration, and deployment surfaces.

## Focus areas

- Broken access control
- Cryptographic failures
- Injection
- Insecure design
- Security misconfiguration
- Vulnerable and outdated components
- Identification and authentication failures
- Software and data integrity failures
- Security logging and monitoring failures
- Server-side request forgery

## Audit guidance

For each relevant category:

1. Identify the vulnerable file, endpoint, or configuration surface.
2. Explain the concrete risk instead of naming the category only.
3. Add the likely CWE when you can support it from the evidence.
4. Suggest the smallest credible remediation or validation step.

Prefer high-signal findings over long speculative lists.
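The four audit steps above are easier to apply with a concrete finding in hand. The following is an added example (not code from the skill or from the sandstorm repository) that walks one Injection finding through all four steps: a deliberately vulnerable login lookup beside its parameterized fix, run against a constructed in-memory SQLite `users` table with a constructed attacker payload, and the result written up as a finding with the surface, the concrete risk backed by evidence, the CWE the evidence supports, and the smallest remediation. The module name and table layout are assumptions made for the example.

```python
"""Worked OWASP Top 10 finding: A03 Injection in a login lookup.

Added example, not part of the skill or the sandstorm repo. The users table,
its rows and the attacker payload are constructed here so the block runs
offline against an in-memory SQLite database.
"""
import sqlite3
from dataclasses import dataclass


def _db() -> sqlite3.Connection:
    """Constructed fixture: an in-memory users table with two rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    con.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return con


def lookup_user_vulnerable(con: sqlite3.Connection, username: str) -> list:
    """The 'before': untrusted input is spliced straight into the SQL text."""
    query = f"SELECT id, username, role FROM users WHERE username = '{username}'"
    return con.execute(query).fetchall()


def lookup_user_fixed(con: sqlite3.Connection, username: str) -> list:
    """The 'after': the value travels as a bound parameter, never as SQL."""
    return con.execute(
        "SELECT id, username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


@dataclass
class Finding:
    """One finding in the shape the checklist asks for (steps 1 to 4)."""
    surface: str      # step 1: file, endpoint or configuration surface
    risk: str         # step 2: concrete impact, not only the category name
    cwe: str          # step 3: given only because the evidence below supports it
    remediation: str  # step 4: smallest credible fix or validation step
    evidence: str     # what demonstrated the risk

    def render(self) -> str:
        """Plain-text write-up in the order of the audit guidance."""
        return (
            f"1. Surface: {self.surface}\n"
            f"2. Risk: {self.risk}\n"
            f"3. CWE: {self.cwe}\n"
            f"4. Remediation: {self.remediation}\n"
            f"Evidence: {self.evidence}"
        )


# Constructed attacker input: closes the string literal and appends an
# always-true predicate, so the WHERE clause matches every row.
PAYLOAD = "' OR '1'='1"


def audit_login_lookup() -> Finding:
    """Demonstrate the risk against the fixture and write up the finding."""
    con = _db()
    total = con.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    leaked = lookup_user_vulnerable(con, PAYLOAD)  # every row comes back
    safe = lookup_user_fixed(con, PAYLOAD)         # no user has that literal name
    return Finding(
        surface="lookup_user_vulnerable() in the (hypothetical) auth module, "
                "username parameter",
        risk=f"An unauthenticated caller controls the WHERE clause: payload "
             f"{PAYLOAD!r} returned {len(leaked)} of {total} accounts instead of 0, "
             "so the login check can be bypassed and the user table enumerated.",
        cwe="CWE-89",
        remediation="Bind username as a query parameter (lookup_user_fixed) and add "
                    "a regression test asserting the payload returns no rows.",
        evidence=f"vulnerable={leaked!r} fixed={safe!r}",
    )


if __name__ == "__main__":
    print(audit_login_lookup().render())
```

The point of step 2 is visible in the `risk` field: "2 of 2 accounts returned for an always-true predicate" is evidence a reviewer can re-run, whereas "Injection found" is not. Step 3's CWE is stated only because that evidence supports it; a finding that merely looks like string concatenation without a demonstrated effect would carry a weaker label or none.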