security-test-scanner
by jeremylongshore v1.0.0
Automated security vulnerability testing covering OWASP Top 10, SQL injection, XSS, CSRF, and authentication issues
# Security Test Scanner Plugin
Automated security vulnerability testing covering OWASP Top 10, SQL injection, XSS, CSRF, authentication issues, and authorization flaws.
## Features
- **OWASP Top 10 testing** - Test cases mapped to each OWASP Top 10 (2021) category
- **Injection testing** - SQL, NoSQL, command, LDAP, template injection
- **XSS detection** - Reflected, stored, and DOM-based XSS
- **Authentication testing** - Weak passwords, session management, JWT flaws
- **Authorization testing** - Privilege escalation, IDOR, access control
- **Security misconfiguration** - Default credentials, verbose errors, headers
- **API security** - Rate limiting, CORS, input validation
- **Comprehensive reporting** - Severity ratings, PoC, remediation steps
## Installation
```bash
/plugin install security-test-scanner@claude-code-plugins-plus
```
## Usage
The security scanner agent activates when the conversation turns to security testing, for example:
```
Test the API for SQL injection vulnerabilities
Generate security tests for the authentication system
Check for OWASP Top 10 vulnerabilities in the application
Scan for XSS vulnerabilities in the comment system
```
## Vulnerability Coverage
### OWASP Top 10 (2021)
1. **A01: Broken Access Control** - Authorization bypass, privilege escalation, IDOR
2. **A02: Cryptographic Failures** - Weak or missing encryption, exposed sensitive data
3. **A03: Injection** - SQL, NoSQL, command injection (XSS is grouped under this category in the 2021 list)
4. **A04: Insecure Design** - Design flaws, missing controls
5. **A05: Security Misconfiguration** - Defaults, verbose errors, missing headers
6. **A06: Vulnerable and Outdated Components** - Outdated dependencies, known CVEs
7. **A07: Identification and Authentication Failures** - Weak passwords, session management
8. **A08: Software and Data Integrity Failures** - Insecure deserialization, unverified updates and CI/CD artifacts
9. **A09: Security Logging and Monitoring Failures** - Missing logs, no alerting
10. **A10: Server-Side Request Forgery (SSRF)** - Server fetches attacker-controlled URLs
## Test Examples
### SQL Injection Tests
```javascript
describe('SQL Injection Prevention', () => {
  // `api` is assumed to be a preconfigured HTTP client that resolves on any
  // status (e.g. axios with validateStatus: () => true) so 4xx/5xx can be asserted.
  const sqlPayloads = [
    "' OR '1'='1",
    "'; DROP TABLE users--",
    "' UNION SELECT * FROM passwords--",
    "admin'--"
  ];
  sqlPayloads.forEach(payload => {
    it(`should treat SQL injection payload as plain data: ${payload}`, async () => {
      // Encode the payload; raw quotes, spaces and semicolons would otherwise be
      // mangled (or rejected by the client) before they reach the server.
      const response = await api.get(`/api/users?query=${encodeURIComponent(payload)}`);
      // A parameterized query simply finds no match. Rejecting with 4xx is also
      // acceptable, but a database error (5xx) means the input reached the query.
      expect(response.status).toBeLessThan(500);
      // No database error text may leak into the body.
      expect(JSON.stringify(response.data)).not.toMatch(/sql|syntax error|ORA-\d+|sqlite/i);
      // A tautology such as ' OR '1'='1 must not widen the result set.
      if (response.status === 200) {
        const baseline = await api.get('/api/users?query=no-such-user-zz');
        expect(response.data).toEqual(baseline.data);
      }
    });
  });
});
```
### XSS Prevention Tests
```javascript
describe('XSS Prevention', () => {
  it('should neutralise script tags in stored user input', async () => {
    const xssPayload = '<script>alert("XSS")</script>';
    const response = await api.post('/api/comments', { text: xssPayload });
    expect([200, 201]).toContain(response.status);
    const comment = await api.get(`/api/comments/${response.data.id}`);
    // Accept either stripping or HTML-encoding; match case-insensitively so
    // <ScRiPt> variants do not slip through.
    expect(comment.data.text).not.toMatch(/<script/i);
    // If the API stores text verbatim and the front end encodes on render,
    // assert against the rendered HTML (e.g. it contains '&lt;script&gt;') instead.
  });
});
```
### Authentication Tests
```javascript
// jsonwebtoken is used to mint a genuinely expired token; TEST_JWT_SECRET is
// assumed to hold the test environment's signing key.
const jwt = require('jsonwebtoken');

describe('Authentication Security', () => {
  it('should rate limit repeated failed logins', async () => {
    // Send attempts sequentially: with Promise.all the 10th response is not
    // necessarily the 10th request the server processed.
    const statuses = [];
    for (let i = 0; i < 10; i++) {
      const res = await api.post('/api/auth/login', { email: '[email protected]', password: 'wrong' });
      statuses.push(res.status);
    }
    expect(statuses).not.toContain(200);
    expect(statuses[statuses.length - 1]).toBe(429); // Rate limited
  });
  it('should reject expired JWT tokens', async () => {
    // A string like 'expired.jwt.token' is merely malformed; a real expiry
    // test needs a correctly signed token whose exp is in the past.
    const expiredToken = jwt.sign(
      { sub: 'user-a', exp: Math.floor(Date.now() / 1000) - 60 },
      process.env.TEST_JWT_SECRET
    );
    const response = await api.get('/api/users/me', {
      headers: { Authorization: `Bearer ${expiredToken}` }
    });
    expect(response.status).toBe(401);
  });
});
```
### Authorization Tests
```javascript
describe('Authorization Security', () => {
  // loginAs is assumed to be a test helper that authenticates as the given
  // account and returns its bearer token.
  it('should prevent horizontal privilege escalation', async () => {
    const userAToken = await loginAs('[email protected]');
    // Read another user's record with user A's token (IDOR check).
    const response = await api.get('/api/users/user-b-id', {
      headers: { Authorization: `Bearer ${userAToken}` }
    });
    // 404 is also acceptable when the API hides the existence of other users.
    expect([403, 404]).toContain(response.status);
  });
  it('should prevent vertical privilege escalation', async () => {
    const userToken = await loginAs('[email protected]');
    const response = await api.delete('/api/admin/users', {
      headers: { Authorization: `Bearer ${userToken}` }
    });
    expect([403, 404]).toContain(response.status);
  });
});
```
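The feature list covers security headers (A05) and CORS (API security), and the sample report counts "Security headers" among the passed tests, but none of the examples above show such a check. The following is an added example written for this page, not code from the plugin: two pure functions that evaluate a response's header map, so they can be called from a Jest test with `response.headers` or run offline against captured responses. `checkSecurityHeaders`, `checkCors`, the HSTS threshold and the two sample responses are constructed for illustration.

```javascript
// Added example: header and CORS misconfiguration checks over a headers map.
// Names, thresholds and sample responses are constructed for this example.

// Header -> pattern its value must satisfy.
const REQUIRED_HEADERS = {
  'strict-transport-security': /max-age=\d+/i,
  'content-security-policy': /./,
  'x-content-type-options': /^nosniff$/i,
  'x-frame-options': /^(DENY|SAMEORIGIN)$/i,
  'referrer-policy': /./,
};
// Headers that disclose server software and version.
const LEAKY_HEADERS = ['server', 'x-powered-by'];
// 180 days; scanners commonly flag HSTS max-age below roughly this value.
const MIN_HSTS_MAX_AGE = 15552000;

// Lowercase header names so results do not depend on the HTTP client used.
function normalise(headers) {
  return Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)])
  );
}

// Returns a list of finding strings; an empty list means the headers passed.
function checkSecurityHeaders(rawHeaders) {
  const headers = normalise(rawHeaders);
  const findings = [];
  for (const [name, pattern] of Object.entries(REQUIRED_HEADERS)) {
    if (!(name in headers)) findings.push(`missing ${name}`);
    else if (!pattern.test(headers[name])) findings.push(`weak ${name}: ${headers[name]}`);
  }
  for (const name of LEAKY_HEADERS) {
    if (name in headers) findings.push(`version disclosure via ${name}: ${headers[name]}`);
  }
  const hsts = headers['strict-transport-security'];
  if (hsts) {
    const maxAge = Number((hsts.match(/max-age=(\d+)/i) || [])[1] ?? 0);
    if (maxAge < MIN_HSTS_MAX_AGE) findings.push(`short HSTS max-age: ${maxAge}`);
  }
  return findings;
}

// CORS: the exploitable case is reflecting an arbitrary Origin together with
// Access-Control-Allow-Credentials: true, which lets any site read
// authenticated responses. Browsers refuse "*" with credentials, but it still
// signals a misconfigured policy, and a "null" origin is trivially forged.
function checkCors(requestOrigin, rawHeaders, allowedOrigins) {
  const headers = normalise(rawHeaders);
  const acao = headers['access-control-allow-origin'];
  const credentials = headers['access-control-allow-credentials'] === 'true';
  const findings = [];
  if (acao === undefined) return findings; // no CORS headers: nothing to report
  if (acao === '*' && credentials) findings.push('wildcard origin with credentials');
  if (acao === requestOrigin && !allowedOrigins.includes(requestOrigin)) {
    findings.push(`reflects untrusted origin ${requestOrigin}` + (credentials ? ' with credentials' : ''));
  }
  if (acao === 'null') findings.push('allows "null" origin');
  return findings;
}

// Constructed sample responses: one misconfigured, one hardened.
const weakResponse = {
  'Server': 'nginx/1.18.0',
  'X-Powered-By': 'Express',
  'Strict-Transport-Security': 'max-age=300',
  'Access-Control-Allow-Origin': 'https://evil.example',
  'Access-Control-Allow-Credentials': 'true',
};
const hardenedResponse = {
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'Content-Security-Policy': "default-src 'self'",
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'DENY',
  'Referrer-Policy': 'no-referrer',
  'Access-Control-Allow-Origin': 'https://app.example',
  'Access-Control-Allow-Credentials': 'true',
  'Vary': 'Origin',
};
const ALLOWED_ORIGINS = ['https://app.example'];

console.log(checkSecurityHeaders(weakResponse));
console.log(checkCors('https://evil.example', weakResponse, ALLOWED_ORIGINS));
console.log(checkSecurityHeaders(hardenedResponse), checkCors('https://app.example', hardenedResponse, ALLOWED_ORIGINS));
```

To drive `checkCors` from a live test, send the request with an `Origin` header for a domain that should not be trusted and pass that same origin as `requestOrigin`; a server that echoes it back with credentials enabled is the finding a scanner would rate high.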
## Security Report
The plugin generates detailed security reports:
```
Security Test Report
====================
Date: 2025-10-11
Application: API v2.0
Tests Run: 87
Vulnerabilities: 5

CRITICAL (1)
  SQL Injection in /api/users/search
    CVSS: 9.8
    Impact: Database access, data exfiltration
    PoC: GET /api/users/search?query=' OR '1'='1'--
    Fix: Use parameterized queries or ORM

HIGH (2)
  Missing authentication on /api/admin/*
    CVSS: 8.5
    Impact: Unauthorized admin access
    Fix: Add authentication middleware
  Weak password policy
    CVSS: 7.5
    Impact: Account takeover via brute force
    Fix: Enforce 12+ chars, complexity

MEDIUM (2)
  Missing rate limiting on login
    CVSS: 5.5
    Impact: Brute force attacks
    Fix: Implement rate limiting
  Verbose error messages
    CVSS: 4.5
    Impact: Information disclosure
    Fix: Generic errors in production

PASSED (82)
  XSS prevention
  CSRF protection
  Security headers
  HTTPS enforced
  Session timeout
```
## Severity Ratings
- **CRITICAL** (CVSS 9.0-10.0) - Immediate exploitation, severe impact
- **HIGH** (CVSS 7.0-8.9) - Easy exploitation, significant impact
- **MEDIUM** (CVSS 4.0-6.9) - Moderate difficulty, limited impact
- **LOW** (CVSS 0.1-3.9) - Difficult exploitation, minimal impact
- **INFO** (CVSS 0.0) - No direct security impact
## Best Practices
- **Test ethically** - Only test authorized systems
- **Use test environments** - Never test production without permission
- **Document findings** - Clear, actionable reports
- **Prioritize fixes** - Critical first, then high
- **Verify remediation** - Retest after fixes
- **Stay updated** - Track new CVEs and vulnerabilities
- **Responsible disclosure** - Report privately to maintainers
## Requirements
- Claude Code CLI
- Testing framework (Jest, pytest, RSpec, etc.)
- HTTP client library
- Test environment access
## Tools Integration
The plugin works with popular security tools:
- **OWASP ZAP** - Dynamic security testing
- **Burp Suite** - Web vulnerability scanner
- **Snyk** - Dependency vulnerability scanning
- **npm audit / pip-audit** - Package vulnerabilities
- **SonarQube** - Static analysis security testing
## Tips
1. **Start with automated scans** - Use tools for quick wins
2. **Manual testing is critical** - Logic flaws need human analysis
3. **Test as an attacker** - Think about exploitation paths
4. **Check dependencies** - Old packages have known CVEs
5. **Review authentication** - Common vulnerability area
6. **Test authorization** - Often overlooked
7. **Validate input on the server** - Client-side validation is a usability aid an attacker bypasses trivially; only server-side checks count as a control
## License
MIT