Download

Skill UI

Browse and discover 9621+ curated skills

All Development Artificial Intelligence Design & Creative Product & Business Data Science Marketing Soft Skills Productivity Engineering Languages

Search UI Testing , found 455 results

Default Newest Most Downloaded

Business Logic Vulnerability Router

business-logic-vuln

yaklang/hack-skills

This router guides the testing of systemic flaws in business processes and state machines. It is essential when vulnerabilities stem from workflow abuse, race conditions, pricing flaws, or multi-step state attacks, rather than simple input sanitation issues. Use it to test complex business flows like payments, inventory management, and approval sequences.

Business Logic Vulnerability Expert Playbook

business-logic-vulnerabilities

yaklang/hack-skills

This playbook is designed for advanced vulnerability assessment, covering flaws invisible to automated scanners. It guides testing for race conditions, complex workflow bypasses, state machine manipulation, financial parameter tampering (e.g., price/quantity manipulation), and coupon/credit abuse in multi-step applications. Essential for deep manual security testing.

Cross-Origin Misconfiguration Testing Guide

cors-cross-origin-misconfiguration

yaklang/hack-skills

This comprehensive playbook guides the testing of Cross-Origin Resource Sharing (CORS) misconfigurations. It focuses on detecting critical vulnerabilities such as reflected origins, wildcard trust misuse, credentialed cross-origin reads, and bypasses in origin allowlists. Use this when analyzing browser-based access and trust boundaries for authenticated APIs.

Advanced Content Security Policy Bypass Techniques

csp-bypass-advanced

yaklang/hack-skills

This comprehensive guide details advanced techniques for circumventing Content Security Policies (CSP). It covers exploiting weaknesses in critical directives (e.g., base-uri, object-src), abusing nonces, leveraging trusted CDN endpoints, and executing code despite strict controls like script-src 'self' or 'strict-dynamic'. Essential knowledge for deep security auditing and penetration testing.

File Access and Upload Vulnerability Router

file-access-vuln

yaklang/hack-skills

This router entry point is designed for comprehensive testing of file access, download endpoints, and file upload workflows. Use this guide when validating file paths, detecting Local File Inclusion (LFI), or analyzing vulnerabilities in preview, storage, or extraction processes. It helps categorize whether the security issue relates to path traversal or insecure data processing chains.

GraphQL And Undocumented Parameter Testing

graphql-and-hidden-parameters

yaklang/hack-skills

A comprehensive playbook for advanced API security testing targeting GraphQL and REST APIs. It guides users through schema introspection, discovering hidden or undocumented fields, analyzing batching capabilities, and identifying authorization gaps (like IDORs). Essential for deep reconnaissance and identifying privilege escalation vectors.

IDOR and Object Authorization Testing Playbook

idor-broken-object-authorization

yaklang/hack-skills

An expert playbook for systematically testing Insecure Direct Object References (IDOR) and Broken Object/Function Level Authorization (BOLA/BFLA). This guide covers finding object identifiers across all request vectors (URL, body, headers, cookies), implementing A-B testing methodologies, identifying various ID patterns, and executing horizontal or vertical privilege escalation attacks. Essential for deep API security auditing.

Injection Testing Router Guide

injection-checking

yaklang/hack-skills

This router serves as the main entry point for comprehensive injection testing. It helps security professionals classify dangerous input flows—such as XSS, SQLi, SSRF, XXE, etc.—by determining the final sink or interpreter (e.g., browser context, database, XML parser, shell). Use it when unsure which specific injection vector to prioritize.

macOS Security Bypass Techniques Playbook

macos-security-bypass

yaklang/hack-skills

A comprehensive playbook detailing advanced techniques for bypassing core macOS security features, including TCC, Gatekeeper, SIP, and sandbox restrictions. This guide is essential for authorized red team operations and penetration testing targeting macOS endpoints, covering methods like direct database manipulation, extended attribute removal, and privilege escalation paths.

OAuth/OIDC Misconfiguration Security Review

oauth-oidc-misconfiguration

yaklang/hack-skills

A comprehensive playbook for testing security flaws in OAuth 2.0 and OpenID Connect (OIDC) implementations. Use this guide to systematically check for misconfigurations in redirect URI handling, state and nonce validation, PKCE enforcement, token audience/issuer checks, and account binding vulnerabilities. Essential for reviewing applications linked to external identity providers.

Offensive Business Logic Flaw Testing

offensive-business-logic

SnailSploit/Claude-Red

A comprehensive methodology for identifying critical vulnerabilities in transactional applications (e-commerce, fintech, SaaS). This goes beyond standard OWASP Top 10 checks, focusing on flaws like workflow bypass, state machine violations, price manipulation, and role boundary abuse. It guides testers to map application flows, identify hidden endpoints, and quantify the potential financial impact of logic failures.

Security Reconnaissance and Testing Methodology Router

yaklang/hack-skills

This router serves as the initial guide for comprehensive security assessments on new targets or unknown attack surfaces. It helps users map the scope, discover hidden assets, perform detailed technology fingerprinting, build endpoint inventories, and strategically plan the optimal testing path before diving into specific vulnerability checks (e.g., API, Auth, Injection).

Prev 1 2 3...34 35 363738 Next

Language