Skill UI

Use Kubesec to analyze Kubernetes manifests for privilege escalation, writable host mounts, and missing security controls, whether locally, in CI/CD, or via its API/plugin integrations.

Automates mass-assignment checks by injecting privileged properties (role, balance, pricing, permissions) into writable JSON/XML API endpoints so security teams can verify OWASP API3 Broken Object Property Level Authorization defenses and spot auto-binding vulnerabilities.

Guides offensive and defensive teams through systematic REST, GraphQL, and gRPC API testing against the OWASP API Security Top 10, covering discovery, authorization flaws, authentication gaps, data exposure, and rate limiting checks with common tooling.

Guides security testers through scanning web apps for leaked API keys, exposed config files, over-verbose responses, and insecure transport to ensure compliance during penetration tests.

A practitioner workflow for assessing JSON Web Token implementations during penetration tests, covering token analysis, algorithm confusion, brute-forcing secrets, and claim manipulation to reveal authentication or authorization weaknesses in APIs and microservices.

Probes WebSocket APIs for auth bypass, CSWSH, injection, DoS flooding, and info leakage by intercepting handshakes/messages with Burp Suite, crafting payloads, and scripting real-time assessments.