Search Skills
Search across 54932 indexed skills
testing-for-xxe-injection-vulnerabilities
During authorized penetration tests when the application processes XML input (SOAP APIs, file uploads, RSS feeds); When testing APIs that accept Conten...
testing-websocket-api-security
Assessing real-time communication APIs that use WebSocket (ws://) or Secure WebSocket (wss://) protocols; Testing for Cross-Site WebSocket Hijacking (C...
testing-for-sensitive-data-exposure
During authorized penetration tests when assessing data protection controls; When evaluating applications for GDPR, PCI DSS, HIPAA, or other data prote...
testing-mobile-api-authentication
Use this skill when: Assessing mobile app backend API authentication during penetration tests; Testing JWT token implementation for common vulnerabilit...
testing-for-xml-injection-vulnerabilities
When testing applications that process XML input (SOAP APIs, XML-RPC, file uploads); During penetration testing of applications with XML parsers; When a...
testing-for-xss-vulnerabilities
Testing web applications for client-side injection vulnerabilities as part of OWASP WSTG testing; Evaluating the effectiveness of input sanitization an...
testing-api-authentication-weaknesses
Assessing REST API authentication mechanisms for bypass vulnerabilities before production deployment; Testing JWT token implementation for common weakn...
testing-for-host-header-injection
When testing password reset functionality for token theft via host manipulation; During assessment of web caching behavior influenced by Host header va...
testing-api-for-mass-assignment-vulnerability
Testing API endpoints that accept JSON/XML request bodies for user profile updates, registration, or object creation; Assessing whether the API binds a...
testing-for-xss-vulnerabilities-with-burpsuite
During authorized web application penetration testing to find reflected, stored, and DOM-based XSS; When validating XSS findings reported by automated ...
testing-for-email-header-injection
When testing contact forms, feedback forms, or "email a friend" functionality; During assessment of password reset email functionality; When testing new...
testing-api-for-broken-object-level-authorization
Assessing REST or GraphQL APIs that use object identifiers in URL paths, query parameters, or request bodies; Performing OWASP API Security Top 10 asse...