Top Web Vulnerabilities

What it does

This skill provides a comprehensive reference for the 100 most critical web application vulnerabilities. It organizes these vulnerabilities into 15 major categories aligned with industry standards and real-world attack patterns. The skill enables systematic vulnerability identification, impact assessment, and remediation guidance to improve overall web security posture.

When to use it

• When conducting a web application security assessment or penetration test.
• To quickly understand the root causes, impacts, and mitigations for common vulnerabilities.
• As a foundation for creating vulnerability assessment checklists and security policies.
• For developers looking to improve their secure coding practices.

Key capabilities

• Comprehensive Vulnerability Catalog: Provides definitions, root causes, impacts, and mitigation strategies for 100 critical web vulnerabilities.
• Category-Based Grouping: Organizes vulnerabilities into 15 major categories for systematic assessment.
• Detailed Explanations: Includes explanations of SQL Injection, Cross-Site Scripting (XSS), Command Injection, XML/LDAP/XPath Injection, and Server-Side Template Injection (SSTI).

Example prompts

• "What is SQL injection and how can I prevent it?"
• "Explain the impact of Cross-Site Scripting vulnerabilities."
• "Describe mitigations for Server-Side Template Injection."

Tips & gotchas

• A basic understanding of web application architecture, common web technologies (HTML, JavaScript, SQL), and authentication/authorization concepts is recommended.
• While helpful, this skill is not a substitute for using dedicated security testing tools like Burp Suite or OWASP ZAP.