
Security Testing


Module Overview

The Security Testing module provides comprehensive security testing guidance, helping testing teams identify vulnerabilities, assess security risks, and ensure applications are protected against security threats and attacks.

Core Features

🔒 Security Testing Types

  • Vulnerability Assessment: Identify security weaknesses
  • Penetration Testing: Simulate real-world attacks
  • Security Scanning: Automated vulnerability scanning
  • Code Review: Security-focused code analysis

🎯 OWASP Top 10 Coverage

  • Injection Attacks: SQL, NoSQL, OS command injection
  • Broken Authentication: Authentication and session management flaws
  • Sensitive Data Exposure: Inadequate data protection
  • XML External Entities (XXE): XML processing vulnerabilities

🔍 Testing Approaches

  • Static Analysis: Source code security analysis (SAST)
  • Dynamic Analysis: Runtime security testing (DAST)
  • Interactive Analysis: Combined SAST and DAST (IAST)
  • Manual Testing: Expert-driven security assessment

🌐 Security Domains

  • Web Security: XSS, CSRF, clickjacking
  • API Security: Authentication, authorization, rate limiting
  • Mobile Security: App security, data storage, communication
  • Network Security: SSL/TLS, firewall, DDoS protection

File Description

Chinese Prompts

  • File: SecurityTestingPrompt.md
  • Role: Senior Security Testing Expert (10+ years of experience)
  • Use Case: Chinese project teams, security testing requirements

English Prompts

  • File: SecurityTestingPrompt_EN.md
  • Role: Senior Security Testing Expert
  • Use Case: International teams, English project environments

Lite Version Prompts

  • File: SecurityTestingPrompt_Lite.md / SecurityTestingPrompt_Lite_EN.md
  • Features: Quick start, focused on core security testing concepts
  • Use Case: Quick security assessment and basic testing

Usage Guide

Quick Start

  1. Select Prompt File

    • Full Version: Comprehensive security testing strategy
    • Lite Version: Quick security assessment and validation
  2. Prepare Input Materials

    Application Type: [Web/API/Mobile/Desktop]
    Security Requirements: [Compliance standards, security policies]
    Threat Model: [Potential threats and attack vectors]
    Test Scope: [Features and components to test]
  3. Get Security Test Plan

    • Vulnerability assessment strategy
    • Penetration testing approach
    • Security tool recommendations
    • Remediation priorities

Learning Resources

  • "The Web Application Hacker's Handbook"
  • "OWASP Testing Guide"
  • "Security Testing Handbook"

Online Resources

Contribution Guide

Contributions to the Security Testing module are welcome:

  1. Share Cases: Share security testing cases and findings
  2. Tool Reviews: Review security testing tools
  3. Best Practices: Share security testing best practices
  4. Vulnerability Research: Share latest vulnerability information

License

This module follows the MIT License. See the LICENSE file in the project root directory for details.


Secure applications, protect users! 🔒✨
