web-security-testing

# Web Security Testing Workflow ## Overview Specialized workflow for testing web applications against OWASP Top 10 vulnerabilities including injection attacks, XSS, broken authentication, and access control issues. ## When to Use This Workflow Use this workflow when: - Testing web application security - Performing OWASP Top 10 assessment - Conducting penetration tests - Validating security controls - Bug bounty hunting ## Workflow Phases ### Phase 1: Reconnaissance #### Skills to Invoke - `scanning-tools` - Security scanning - `top-web-vulnerabilities` - OWASP knowledge #### Actions 1. Map application surface 2. Identify technologies 3. Discover endpoints 4. Find subdomains 5. Document findings #### Copy-Paste Prompts ``` Use @scanning-tools to perform web application reconnaissance ``` ### Phase 2: Injection Testing #### Skills to Invoke - `sql-injection-testing` - SQL injection - `sqlmap-database-pentesting` - SQLMap #### Actions 1. Test SQL injection 2. Test NoSQL injection 3. Test command injection 4. Test LDAP injection 5. Document vulnerabilities #### Copy-Paste Prompts ``` Use @sql-injection-testing to test for SQL injection ``` ``` Use @sqlmap-database-pentesting to automate SQL injection testing ``` ### Phase 3: XSS Testing #### Skills to Invoke - `xss-html-injection` - XSS testing - `html-injection-testing` - HTML injection #### Actions 1. Test reflected XSS 2. Test stored XSS 3. Test DOM-based XSS 4. Test XSS filters 5. Document findings #### Copy...