security-pen-testing

# Security Penetration Testing Hands-on offensive security testing skill for finding vulnerabilities before attackers do. This is NOT compliance checking (see senior-secops) or security policy writing (see senior-security) — this is about systematic vulnerability discovery through authorized testing. --- ## Table of Contents - [Overview](#overview) - [OWASP Top 10 Systematic Audit](#owasp-top-10-systematic-audit) - [Static Analysis](#static-analysis) - [Dependency Vulnerability Scanning](#dependency-vulnerability-scanning) - [Secret Scanning](#secret-scanning) - [API Security Testing](#api-security-testing) - [Web Vulnerability Testing](#web-vulnerability-testing) - [Infrastructure Security](#infrastructure-security) - [Pen Test Report Generation](#pen-test-report-generation) - [Responsible Disclosure Workflow](#responsible-disclosure-workflow) - [Workflows](#workflows) - [Anti-Patterns](#anti-patterns) - [Cross-References](#cross-references) --- ## Overview ### What This Skill Does This skill provides the methodology, checklists, and automation for **offensive security testing** — actively probing systems to discover exploitable vulnerabilities. It covers web applications, APIs, infrastructure, and supply chain security. ### Distinction from Other Security Skills | Skill | Focus | Approach | |-------|-------|----------| | **security-pen-testing** (this) | Finding vulnerabilities | Offensive — simulate attacker techniques | | senior-secops | Security operations | De...