Security Skill
Capabilities
Reconnaissance
- •Subdomain enumeration
- •DNS analysis
- •WHOIS lookup
- •Port scanning
- •ASN mapping
- •Technology fingerprinting
Web Assessment (OWASP)
- •Authentication testing
- •Authorization testing
- •Input validation
- •Session management
- •Error handling
- •Cryptography review
Threat Modeling
- •STRIDE framework
- •Attack surface mapping
- •Risk assessment matrix
- •Mitigation recommendations
Tools
Use these CLI tools when available:
- •
nmap— Port scanning - •
ffuf— Web fuzzing - •
dig/whois— DNS/WHOIS - •
curl— HTTP testing - •
jq— JSON parsing
Rules
- •Only perform authorized testing
- •Document all findings with evidence
- •Rate severity: Critical > High > Medium > Low > Info
- •Provide remediation for each finding