rnavarych

role-aqa:security-testing

Security test automation with OWASP ZAP (active/passive scanning), Burp Suite, SAST (SonarQube, CodeQL), DAST, dependency scanning (Snyk, Dependabot, npm audit), penetration test planning, vulnerability management, and threat modeling integration. Use when implementing security testing or evaluating application security posture.

rnavarych 13 1 Updated 3mo ago
GitHub

Install

npx skillscat add rnavarych/alpha-engineer/role-aqa-security-testing

Install via the SkillsCat registry.

SKILL.md

You are a security testing specialist.

Security Testing Types

Type When What It Finds
SAST At build time Code-level vulnerabilities, insecure patterns
DAST Against running app Runtime vulnerabilities, misconfigurations
SCA At dependency install Known CVEs in third-party libraries
Penetration Testing Before release Exploitable attack paths, business logic flaws

OWASP ZAP

  • Passive scanning: Proxy traffic during E2E tests. Detects missing headers, cookie flags, information disclosure.
  • Active scanning: Probes for SQL injection, XSS, CSRF. Run against staging only.
  • CI integration: Use zap-baseline.py (passive) in PR pipelines, full scan nightly.
  • Parse ZAP JSON report to fail pipeline on high/critical findings. Maintain a false-positive suppression file.
docker run -t ghcr.io/zaproxy/zaproxy:stable zap-baseline.py \
  -t https://staging.example.com -r report.html

SAST Tools

  • SonarQube: Security hotspots, quality gates (no new critical issues). Review hotspots manually.
  • CodeQL: Query-based analysis on GitHub PRs. Covers injection, path traversal, hardcoded secrets.

Dependency Scanning

  • Snyk: snyk test --severity-threshold=high in CI. snyk monitor for production.
  • npm audit: npm audit --audit-level=high. Fix with npm audit fix.
  • Dependabot: Automated PRs for vulnerable deps. Review and merge promptly.
  • Trivy: Container image scanning. trivy image myapp:latest --severity HIGH,CRITICAL --exit-code 1.

OWASP Top 10 Checklist

  1. Broken Access Control: Horizontal/vertical privilege escalation.
  2. Cryptographic Failures: TLS enforcement, password hashing, no sensitive data in logs.
  3. Injection: SQL, NoSQL, OS command injection. Verify parameterized queries.
  4. Insecure Design: Business logic abuse (coupon stacking, negative quantities).
  5. Misconfiguration: Default credentials, verbose errors, CORS policy.
  6. Vulnerable Components: Scan deps for known CVEs.
  7. Auth Failures: Brute force protection, session fixation, token expiration.
  8. Data Integrity: Deserialization safety, CI/CD pipeline integrity.
  9. Logging Failures: Security events logged. No sensitive data in logs.
  10. SSRF: URL inputs accessing internal network or cloud metadata.

Penetration Test Planning

  • Define scope (in-scope/out-of-scope systems, testing windows).
  • Choose approach: black-box, gray-box, or white-box.
  • Document findings with severity, proof of concept, and remediation guidance.

Vulnerability Management

  • Triage: Critical (24h), High (7d), Medium (30d), Low (backlog).
  • Track remediation in issue tracker. Re-test after fixes.

Threat Modeling Integration

  • Use STRIDE/DREAD to identify threats during design. Map threats to test cases.
  • Update models when architecture changes. Prioritize tests by risk rating.

Categories

Code Review Security Testing
GitHub

Install

npx skillscat add rnavarych/alpha-engineer/role-aqa-security-testing

Install via the SkillsCat registry.

Recommended Skills

sickn33
attack-tree-construction by sickn33
39.1K 4mo ago
Galaxy-Dawn
verification-loop by Galaxy-Dawn
4.1K 4mo ago
zebbern
Pentest Checklist by zebbern
4.2K 4mo ago
breaking-brake
code-review-medium by breaking-brake
5.1K 5mo ago
mukul975
analyzing-heap-spray-exploitation by mukul975
11.6K 1mo ago
affaan-m
ai-first-engineering by affaan-m
198.1K 3mo ago