vulnerability-patterns | security

Stats

Actions

Tags

vulnerability-patterns | security

Vulnerability Patterns

This skill is an index to modular detection pattern skills. Use the specialized skills for focused scanning.

When to Use This Skill

Finding the right pattern skill - Use this index to route appropriately
Overview of detection capabilities - Quick reference of what's available

When NOT to Use This Skill

Actual vulnerability scanning - Use the specialized skills directly
Remediation guidance - Use remediation-* skills
Full security audits - Use domain auditor agents

Specialized Pattern Skills

`vuln-patterns-core`

Covers: Universal patterns, configuration files, quick scan scripts Languages: All (cross-language patterns) Use when: Scanning any codebase, config audits, hook integration

Includes:

Hardcoded secrets (API keys, AWS keys, private keys)
SQL injection (universal patterns)
Command injection (universal patterns)
Path traversal
Configuration file patterns (.env, Docker)
Quick scan script
Hook integration guidance

`vuln-patterns-languages`

Covers: Language-specific vulnerability patterns Languages: JavaScript/TypeScript, Python, Go, Java, Ruby, PHP Use when: Targeting specific tech stacks, code review

Includes:

JavaScript: eval(), XSS, prototype pollution
Python: pickle, yaml.load, weak crypto
Go: fmt.Sprintf SQL, InsecureSkipVerify
Java: ObjectInputStream, XXE, createStatement
Ruby: backticks, Rails SQL, mass assignment
PHP: unserialize, include, mysql_query

Quick Routing Guide

What You're Looking For	Skill to Use
Hardcoded secrets	`vuln-patterns-core`
SQL injection (any language)	`vuln-patterns-core`
Command injection (any)	`vuln-patterns-core`
Path traversal	`vuln-patterns-core`
Docker/config issues	`vuln-patterns-core`
JavaScript XSS	`vuln-patterns-languages`
Python pickle/yaml	`vuln-patterns-languages`
Java deserialization	`vuln-patterns-languages`
Go TLS issues	`vuln-patterns-languages`
Ruby Rails patterns	`vuln-patterns-languages`
PHP include/require	`vuln-patterns-languages`

Pattern Categories by OWASP

OWASP 2021	Skill	Key Patterns
A01 Access Control	Core + Languages	Path traversal, authorization
A02 Crypto Failures	Languages	MD5, SHA1, weak random
A03 Injection	Core	SQL, command, XSS
A05 Security Misconfig	Core	Debug mode, headers
A07 Auth Failures	Core	Hardcoded credentials
A08 Data Integrity	Languages	Deserialization

Integration

For live security hooks, use vuln-patterns-core which includes:

Hook integration guidance
Pattern matching priorities
False positive mitigation strategies
Quick scan script for rapid detection

See Also

asvs-requirements - Full ASVS requirement details
remediation-library - Index to fix patterns
remediation-injection - Injection fixes
remediation-crypto - Cryptography fixes