performing-web-application-penetration-test

Featured

Performs systematic security testing of web applications following the OWASP Web Security Testing Guide (WSTG) methodology to identify vulnerabilities in authentication, authorization, input validation, session management, and business logic. The tester uses Burp Suite as the primary interception proxy alongside manual testing techniques to find flaws that automated scanners miss. Activates for requests involving web app pentest, OWASP testing, application security assessment, or web vulnerability testing.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Quality Score: 99/100

- Stars 20%: 100
- Recency 20%: 100
- Frontmatter 20%: 70
- Documentation 15%: 100
- Issue Health 10%: 50
- License 10%: 100
- Description 5%: 100

Skill Content

# Performing Web Application Penetration Test

## When to Use

- Testing web applications before production deployment to identify exploitable vulnerabilities
- Conducting compliance-driven security assessments (PCI-DSS requirement 6.6, SOC 2 Type II)
- Validating remediation of previously identified web application vulnerabilities during retesting
- Assessing third-party web applications before integration into the organization's environment
- Evaluating custom-developed web applications where automated scanning alone is insufficient

**Do not use** against web applications without written authorization, against production systems during peak traffic hours without explicit approval, or for denial-of-service testing of web infrastructure.

## Prerequisites

- Signed statement of work (SoW) defining the target application URLs, environments (staging/production), and testing boundaries
- Burp Suite Professional license with up-to-date extensions (Active Scan++, Autorize, JSON Beautifier, Logger++)
- Valid test accounts at each privilege level (unauthenticated, standard user, administrator) for authorization testing
- Application documentation including API specifications (OpenAPI/Swagger), sitemap, and technology stack details
- Browser configured with Burp Suite proxy (FoxyProxy recommended) and Burp CA certificate installed

## Workflow

### Step 1: Reconnaissance and Application Mapping

Map the entire attack surface of the web application:

- Configure Burp Suite proxy and ...

Details

- Author: mukul975
- Repository: mukul975/Anthropic-Cybersecurity-Skills
- Created: 3 months ago
- Last Updated: today
- Language: Python
- License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

Testing & QA Featured

burp-suite-testing

Execute comprehensive web application security testing using Burp Suite's integrated toolset, including HTTP traffic interception and modification, request analysis and replay, automated vulnerability scanning, and manual testing workflows.

39,227 Updated today
sickn33
Web & Frontend Solid

burp-suite-web-application-testing

This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp Repeater", "analyze HTTP history", or "configure proxy for web testing". It provides comprehensive guidance for using Burp Suite's core features for web application security testing.

27,681 Updated today
davila7
Web & Frontend Solid

burp-suite-web-application-testing

This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp Repeater", "analyze HTTP history", or "configure proxy for web testing". It provides comprehensive guidance for using Burp Suite's core features for web application security testing.

4,215 Updated today
zebbern
Web & Frontend Listed

burp-suite-web-application-testing

This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp Repeater", "analyze HTTP history", or "configure proxy for web testing". It provides comprehensive guidance for using Burp Suite's core features for web application security testing.

36 Updated today
cleodin
Web & Frontend Listed

burp-suite-web-application-testing

This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp Repeater", "analyze HTTP history", or "configure proxy for web testing". It provides comprehensive guidance for using Burp Suite's core features for web application security testing.

335 Updated today
aiskillstore