Skill UI

This comprehensive checklist details how to test for XML External Entity (XXE) injection vulnerabilities. It covers classic, blind, error-based, and out-of-band techniques, enabling testers to identify weaknesses in XML parsers. The methodology includes finding various injection points (e.g., file uploads, SOAP/REST endpoints) and exploiting potential risks like file disclosure, SSRF, and DoS. Use this guide for robust web application security testing and bug bounty hunting.

This guide provides comprehensive instructions on implementing secure authentication and managing the token lifecycle for the OneNote Graph API. It details the mandatory shift from deprecated app-only authentication to delegated authentication using MSAL, ensuring compliance with modern OAuth 2.0 standards. Key topics include establishing least-privilege permission scopes, handling token renewal, and securely storing credentials using environment variables or Azure Key Vault. Essential for developers building resilient and compliant OneNote integrations.

This skill provides a comprehensive Python guide to building a production-ready Virtual Cloud Network (VCN) on Oracle Cloud Infrastructure (OCI). It details the entire process from scratch, including creating the VCN, setting up Internet and NAT Gateways, configuring route tables, and defining Network Security Groups (NSGs). This is essential for engineers needing to provision complex, secure, and highly functional network architectures for development or production use.

This framework implements the OWASP Top 10 standards, specifically tailored for Agentic Applications. It provides a standardized methodology to classify and map diverse security findings—such as prompt injection, tool misuse, and privilege abuse—to ten core risk categories (ASI01-ASI10). It is essential for security teams to systematically assess, prioritize, and remediate vulnerabilities inherent in complex AI agent systems.

This guide details best practices for securing Persona identity verification implementations. It covers critical security measures such as API key rotation, webhook HMAC verification, encrypting Personally Identifiable Information (PII) at rest, and maintaining comprehensive audit logs. Use this when integrating Persona into a production system requiring high data security and compliance.

This guide provides implementation patterns for secure integration with the Podium API using REST API calls. It focuses on establishing robust connections with OAuth2 authentication for managing core business functions, including messaging, retrieving customer reviews, and processing payments. It also details essential error handling strategies.

Provides foundational knowledge and implementation patterns for connecting to the Procore API. This skill details how to securely implement OAuth2 authentication (using the Client Credentials flow) to manage data in critical construction processes, including project tracking, RFIs, and document submittals.

This guide provides implementation patterns for establishing security basics when working with QuickNode. It details how to utilize blockchain RPC endpoints and the QuickNode SDK for robust Web3 infrastructure integration. Learn best practices for secure connection, understanding error handling (like 401 Unauthorized or rate limiting), and building reliable applications on the Ethereum network.

This skill provides implementation patterns for interacting with the Ramp Developer API, focusing on security basics, OAuth2 authentication, and managing corporate card and expense data. It guides developers through obtaining access tokens, querying card information, and handling common API errors, making it essential for integrating financial sync or expense tracking into custom applications.

This guide implements comprehensive policy guardrails for robust Salesforce integrations. It provides solutions for preventing SOQL injection vulnerabilities, detecting hardcoded credentials, throttling API usage at runtime, and enforcing code quality via custom ESLint rules and CI/CD checks. Use this when building secure, scalable, and compliant Salesforce applications.

A comprehensive guide detailing best practices for securing Salesforce integrations and API access. It covers configuring Connected Apps with minimum OAuth scopes, implementing least privilege access, establishing dedicated integration users, and enforcing Field-Level Security (FLS). Essential knowledge for robust API development, security audits, and maintaining data integrity within the Salesforce ecosystem.

This comprehensive guide outlines best practices for securing SalesLoft API access and integrations. It details secure token lifecycle management (OAuth refresh), implementing robust webhook signature verification using HMAC-SHA256 to prevent replay attacks, and enforcing scope minimization for least-privilege access. Use this when designing production-grade, secure enterprise integrations.