AgentSkillsCN

vulnerability-scanner

Security vulnerability scanning and OWASP guidelines

SKILL.md
---
name: vulnerability-scanner
description: Security vulnerability scanning and OWASP guidelines
---

Vulnerability Scanner

Identify and fix security vulnerabilities.


OWASP Top 10

| Risk | Prevention |
|---|---|
| Injection | Parameterized queries |
| Broken Auth | Secure session management |
| Sensitive Data | Encryption, HTTPS |
| XXE | Disable external entities |
| Broken Access | RBAC, validate permissions |
| Security Misconfig | Security headers |
| XSS | Output encoding |
| Insecure Deserialization | Input validation |
| Vulnerable Components | Update dependencies |
| Insufficient Logging | Audit logs |

Security Checklist

Authentication

  • Passwords hashed (bcrypt/argon2)
  • Session tokens secure
  • Token expiration set
  • Brute force protection

Authorization

  • RBAC implemented
  • Resource-level checks
  • API endpoints protected

Data

  • HTTPS enforced
  • Sensitive data encrypted
  • No secrets in code
  • Input validated
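
Worked example for the Authentication items above (added here; it is not code from the skill): bcrypt hashing with an explicit cost factor, a check that tells you when a stored hash was made with a cost lower than the current policy, and an in-memory failed-attempt lockout as brute-force protection. It assumes the BCrypt.Net-Next NuGet package (namespace `BCrypt.Net`); the class names, the cost of 12 and the lockout numbers are choices made for this example.

```csharp
// Added example, not part of the original skill.
// Assumes the BCrypt.Net-Next NuGet package for BCrypt.Net.BCrypt.
using System;
using System.Collections.Concurrent;

public sealed class PasswordService
{
    // bcrypt cost factor (2^12 rounds). Raise it over time as hardware gets faster.
    private const int WorkFactor = 12;

    public string Hash(string password) =>
        BCrypt.Net.BCrypt.HashPassword(password, WorkFactor);

    public bool Verify(string password, string storedHash) =>
        BCrypt.Net.BCrypt.Verify(password, storedHash);

    // A bcrypt hash looks like "$2a$12$<salt><hash>"; the third "$"-separated
    // field is the cost it was produced with. Returns true when the stored hash
    // is malformed or weaker than the current policy, so the caller can rehash
    // after a successful login.
    public bool NeedsRehash(string storedHash)
    {
        var parts = storedHash.Split('$');
        return parts.Length < 4
            || !int.TryParse(parts[2], out var cost)
            || cost < WorkFactor;
    }
}

public sealed class LoginThrottle
{
    private readonly int _maxFailures;
    private readonly TimeSpan _lockout;
    // key -> (consecutive failures, lockout expiry). In-process only; see note below.
    private readonly ConcurrentDictionary<string, (int Failures, DateTimeOffset LockedUntil)> _state = new();

    public LoginThrottle(int maxFailures = 5, TimeSpan? lockout = null)
    {
        _maxFailures = maxFailures;
        _lockout = lockout ?? TimeSpan.FromMinutes(15);
    }

    public bool IsLocked(string key, DateTimeOffset now) =>
        _state.TryGetValue(key, out var s) && s.LockedUntil > now;

    public void RecordFailure(string key, DateTimeOffset now)
    {
        _state.AddOrUpdate(key,
            _ => (1, DateTimeOffset.MinValue),
            (_, s) =>
            {
                var failures = s.Failures + 1;
                return failures >= _maxFailures
                    ? (0, now + _lockout)          // lock the key and reset the counter
                    : (failures, s.LockedUntil);
            });
    }

    public void RecordSuccess(string key) => _state.TryRemove(key, out _);
}

public static class LoginFlow
{
    // Returns true only when the account is not locked out and the password matches.
    public static bool TryLogin(PasswordService passwords, LoginThrottle throttle,
                                string username, string storedHash, string attempt,
                                DateTimeOffset now)
    {
        if (throttle.IsLocked(username, now))
            return false;                      // do not even run the hash while locked

        if (!passwords.Verify(attempt, storedHash))
        {
            throttle.RecordFailure(username, now);
            return false;
        }

        throttle.RecordSuccess(username);
        return true;
    }

    public static void Main()
    {
        var passwords = new PasswordService();
        var throttle = new LoginThrottle(maxFailures: 3);
        var now = DateTimeOffset.UtcNow;

        // Constructed sample: the hash a registration handler would have stored.
        var stored = passwords.Hash("correct horse battery staple");

        // Three wrong guesses in a row trip the lockout.
        for (var i = 0; i < 3; i++)
            Console.WriteLine(TryLogin(passwords, throttle, "alice", stored, "wrong", now));

        // While locked, even the right password is rejected.
        Console.WriteLine(TryLogin(passwords, throttle, "alice", stored, "correct horse battery staple", now));

        // Once the lockout window has passed, the right password is accepted again.
        Console.WriteLine(TryLogin(passwords, throttle, "alice", stored, "correct horse battery staple", now.AddMinutes(16)));

        Console.WriteLine(passwords.NeedsRehash(stored));   // false: made with the current cost
    }
}
```

The lockout state lives in process memory here so the sample runs on its own; behind a load balancer it belongs in a shared store (a distributed cache or the user record), and keying on username alone lets anyone lock a victim out with a handful of bad guesses, so a real deployment usually keys on username plus client address and returns the same generic error for "locked" and "wrong password".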

Code Patterns to Avoid

```csharp
// ❌ SQL Injection: user input is spliced into the query text
var unsafeCmd = new SqlCommand($"SELECT * FROM Users WHERE Email = '{email}'", conn);

// ✅ Parameterized: the value is bound separately and is never parsed as SQL
var safeCmd = new SqlCommand("SELECT * FROM Users WHERE Email = @Email", conn);
safeCmd.Parameters.AddWithValue("@Email", email);
```
```csharp
// ❌ Hardcoded secret: lands in source control and in every build artifact
var secret = "my-secret-key";

// ✅ Read from configuration (for example a provider backed by Azure Key Vault), never from code
var secret = Configuration["SecretKey"];
```

Security Headers

```csharp
// Add security headers. Register this before the endpoint/MVC middleware so
// every response passes through it. The indexer overwrites an existing value;
// Headers.Add would throw if the header had already been set upstream.
app.Use(async (context, next) =>
{
    context.Response.Headers["X-Content-Type-Options"] = "nosniff";  // no MIME sniffing
    context.Response.Headers["X-Frame-Options"] = "DENY";            // no framing (clickjacking)
    context.Response.Headers["X-XSS-Protection"] = "1; mode=block";  // legacy filter; current browsers ignore it
    await next();
});
```
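
To confirm the middleware actually took effect on a running instance, the following console program (an added example, not part of the skill) fetches one URL and reports headers that are missing or differ from the values set above. The URL comes from the command line; the `Expected` table is an assumption that mirrors the snippet, so adjust it if your middleware sets different values.

```csharp
// Added example, not part of the original skill: verify the headers the
// middleware is meant to add on a real response.
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;

public static class HeaderCheck
{
    // Assumed expected values, copied from the middleware snippet above.
    private static readonly Dictionary<string, string> Expected = new()
    {
        ["X-Content-Type-Options"] = "nosniff",
        ["X-Frame-Options"] = "DENY",
        ["X-XSS-Protection"] = "1; mode=block",
    };

    // Returns one line per header that is missing or carries an unexpected value.
    public static List<string> FindProblems(HttpResponseMessage response)
    {
        var problems = new List<string>();
        foreach (var (name, want) in Expected)
        {
            // These are not entity headers, so they live in response.Headers,
            // not response.Content.Headers.
            if (!response.Headers.TryGetValues(name, out var values))
            {
                problems.Add($"{name}: missing");
                continue;
            }
            var got = string.Join(", ", values);
            if (!string.Equals(got, want, StringComparison.OrdinalIgnoreCase))
                problems.Add($"{name}: expected \"{want}\", got \"{got}\"");
        }
        return problems;
    }

    // Exit code 0 when every expected header is present with the right value,
    // 1 when something is off, 2 on bad usage. Suitable for a CI smoke test.
    public static async Task<int> Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: HeaderCheck <url>");
            return 2;
        }

        using var client = new HttpClient();
        using var response = await client.GetAsync(args[0]);

        var problems = FindProblems(response);
        foreach (var p in problems)
            Console.WriteLine(p);

        return problems.Count == 0 ? 0 : 1;
    }
}
```

Run it against your own staging URL after a deploy; a non-zero exit code is the signal that the middleware is registered too late in the pipeline or that a reverse proxy is stripping the headers.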

Dependency Scanning

```bash
# .NET
dotnet list package --vulnerable

# npm
npm audit
```

DO / DON'T

| ✅ Do | ❌ Don't |
|---|---|
| Validate all input | Trust user data |
| Use KeyVault | Hardcode secrets |
| Hash passwords | Store plain text |
| Update dependencies | Ignore vulnerabilities |