Run web security assessments
Sheshiyer/skill-clusters
What it does
Execute web security assessment workflow end-to-end
Best for
Comprehensive web application penetration testing with structured threat modeling and prioritized exploitation
Inputs
- Target URL or domain
- Assessment scope (reconnaissance, threat model, pentest, fuzzing, OSINT)
Outputs
- Application narrative (summary, user flows, tech stack, attack surface)
- Threat model (prioritized attack scenarios)
- Pentest findings with PoCs
- OWASP/CWE mapped report
Requires
- Recon skill (SubdomainEnum, EndpointDiscovery, PortScan)
- FFUF (fuzzing)
- Playwright (web app testing)
- SpiderFoot/Maltego (OSINT)
Preconditions
Explicit written authorization; Recon skill available; target accessible
Failure modes
Assessment scope too broad (unfocused effort); missing threat model guidance; unverified claims in report
Trust signals
- 6-phase pentest methodology (recon -> mapping -> vulnerability -> exploitation -> reporting)
- Threat model drives testing (not blind fuzzing)
- OWASP/CWE mapping for findings