zhongwei/gh-greyhaven-ai-claude-code-config-grey-haven-plugins-security
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5f6dacc74bd68438f0a288e40c025852181e4cb9
gh-greyhaven-ai-claude-code…/skills/security-analysis/examples/INDEX.md
Zhongwei Li 5f6dacc74b Initial commit
2025-11-29 18:29:28 +08:00

3.5 KiB
Raw Blame History

Security Vulnerability Examples

Real-world vulnerability examples with exploitation scenarios, CVSS scores, and complete remediations.

Examples Overview

SQL Injection (A03)

File: sql-injection.md

Critical database security vulnerabilities:

  • SQL injection attack scenarios
  • Blind SQL injection techniques
  • Parameterized query solutions
  • ORM best practices
  • Input validation patterns
  • CVSS 9.8 (Critical) examples

Use when: Building database queries, API endpoints with user input, search functionality.

Cross-Site Scripting - XSS (A03)

File: xss-vulnerabilities.md

XSS attack vectors and prevention:

  • Reflected XSS exploitation
  • Stored XSS persistence attacks
  • DOM-based XSS scenarios
  • Output encoding solutions
  • Content Security Policy (CSP)
  • CVSS 7.1 (High) examples

Use when: Rendering user-generated content, building search features, dynamic HTML generation.

Authentication Bypass (A07)

File: authentication-bypass.md

Authentication and session security flaws:

  • JWT algorithm confusion attacks
  • Session fixation exploitation
  • Weak password policies
  • Missing MFA vulnerabilities
  • Secure authentication implementation
  • CVSS 8.1 (High) examples

Use when: Implementing login systems, session management, API authentication, OAuth flows.

Secrets Exposure (A02)

File: secrets-exposure.md

Hardcoded credentials and secret management:

  • API key exposure detection
  • Hardcoded password patterns
  • Environment variable best practices
  • Doppler/Vault integration
  • Git secret scanning
  • CVSS 9.1 (Critical) examples

Use when: Managing configuration, deploying applications, working with third-party APIs.

Dependency Vulnerabilities (A06)

File: dependency-vulnerabilities.md

Supply chain and dependency security:

  • Known CVE exploitation
  • Outdated package detection
  • npm audit / pip-audit usage
  • Dependency update strategies
  • Lock file security
  • CVSS varies by CVE

Use when: Adding dependencies, updating packages, conducting security audits.

OWASP Top 10 Coverage

Vulnerability Example File CVSS Range Frequency
A01: Broken Access Control (Covered in auth-bypass) 6.5-8.8 Very High
A02: Cryptographic Failures secrets-exposure.md 7.5-9.8 High
A03: Injection sql-injection.md, xss-vulnerabilities.md 7.3-9.8 High
A04: Insecure Design (Threat modeling reference) Varies Medium
A05: Security Misconfiguration (Reference docs) 5.3-7.5 High
A06: Vulnerable Components dependency-vulnerabilities.md 4.0-10.0 Very High
A07: Auth Failures authentication-bypass.md 6.5-9.1 High
A08: Data Integrity (Reference docs) 7.5-8.8 Medium
A09: Logging Failures (Reference docs) 5.3-6.5 Medium
A10: SSRF (Reference docs) 6.4-9.6 Medium

Severity Guide

  • Critical (9.0-10.0): Immediate exploitation, severe impact
  • High (7.0-8.9): Easy exploitation, significant impact
  • Medium (4.0-6.9): Moderate difficulty, limited impact
  • Low (0.1-3.9): Difficult exploitation, minimal impact

Navigation

Return to main agent

Reference in New Issue View Git Blame Copy Permalink