Security specialty

Application Security

Browse every cataloged workflow for application security, with source context, tags, and security framework mappings intact.

Complete collection

Skills in this domain

4 skills

cybersecuritySkill

Implementing DevSecOps Security Scanning

Integrates Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) into CI/CD pipelines using open-source tools. Covers Semgrep for SAST, Trivy for SCA and container scanning, OWASP ZAP for DAST, and Gitleaks for secrets detection. Activates for requests involving DevSecOps pipeline setup, automated security scanning in CI/CD, SAST/DAST/SCA integration, or shift-left security implementation.

Application Security
ci-cddastdevsecopsgitleaks+6
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Runtime Application Self-Protection

Deploy Runtime Application Self-Protection (RASP) agents to detect and block attacks from within application runtime, covering OpenRASP integration, attack pattern detection, and security policy configuration for Java and Python web applications.

Application Security
application-securitydevsecopsopenrasprasp+4
ATT&CK, 4 mappingsNIST CSF, 4 mappingsAI RMF, 3 mappings
cybersecuritySkill

Performing Fuzzing with AFL++

Perform coverage-guided fuzzing of compiled binaries using AFL++ (American Fuzzy Lop Plus Plus) to discover memory corruption, crashes, and security vulnerabilities. The tester instruments target binaries with afl-cc/afl-clang-fast, manages input corpora with afl-cmin and afl-tmin, runs parallel fuzzing campaigns with afl-fuzz, and triages crashes using CASR or GDB scripts. Activates for requests involving binary fuzzing, crash discovery, coverage-guided testing, or AFL++ fuzzing campaigns.

Application Security
aflplusplusbinary-analysiscoverage-guidedcrash-triage+2
ATT&CK, 4 mappingsNIST CSF, 4 mappingsATLAS, 3 mappingsAI RMF, 3 mappings
cybersecuritySkill

Performing Supply Chain Attack Simulation

Simulate and detect software supply chain attacks including typosquatting detection via Levenshtein distance, dependency confusion testing against private registries, package hash verification with pip, and known vulnerability scanning with pip-audit.

Application Security
dependency-confusionpackage-verificationpip-auditpypi+3
ATT&CK, 8 mappingsNIST CSF, 4 mappings