agamm/claude-code-owasp
Claude Code skill for OWASP security best practices (2025-2026). Includes Top 10:2025, ASVS 5.0, Agentic AI security, and 20+ language-specific security quirks.
OWASP Security Skill for Claude Code
A Claude Code skill providing the latest OWASP security best practices (2025-2026) for developers building secure applications.
Quick Install (One Line)
Add this skill to any project with a single command:
curl -sL https://raw.githubusercontent.com/agam/claude-code-owasp/main/.claude/skills/owasp-security/SKILL.md -o .claude/skills/owasp-security/SKILL.md --create-dirsOr install globally for all projects:
curl -sL https://raw.githubusercontent.com/agam/claude-code-owasp/main/.claude/skills/owasp-security/SKILL.md -o ~/.claude/skills/owasp-security/SKILL.md --create-dirsWhat's Included
Claude Code Skill
Location: .claude/skills/owasp-security/SKILL.md
- OWASP Top 10:2025 quick reference table
- Security code review checklists for input handling, auth, access control, data protection, and error handling
- Secure code patterns with unsafe/safe examples
- OWASP Agentic AI Security (2026) - ASI01-ASI10 risks for AI agent systems
- ASVS 5.0 key requirements by verification level
- Language-specific security quirks for 20+ languages with deep analysis guidance
Research Report
Location: OWASP-2025-2026-Report.md
Comprehensive documentation covering all OWASP 2025-2026 standards.
Usage
Once installed, Claude Code automatically activates this skill when you:
- Review code for security vulnerabilities
- Implement authentication or authorization
- Handle user input or external data
- Work with cryptography or password storage
- Design API endpoints
- Build AI agent systems
Example Prompts
"Review this code for security issues"
"Is this authentication implementation secure?"
"What are the security risks in this Python code?"
"Help me implement secure session management"
"Check this AI agent for OWASP agentic risks"
Covered Standards
| Standard | Version | Focus |
|---|---|---|
| OWASP Top 10 | 2025 | Web application vulnerabilities |
| OWASP ASVS | 5.0.0 | Security verification requirements |
| OWASP Agentic | 2026 | AI agent security risks |
Language Coverage
Security quirks for 20+ languages including:
| Web | Systems | Mobile | Scripting |
|---|---|---|---|
| JavaScript/TypeScript | C/C++ | Swift | Python |
| PHP | Rust | Kotlin | Ruby |
| Java | Go | Dart | Perl |
| C# | Shell |
Each language section includes common vulnerabilities, unsafe/safe code patterns, and key functions to watch for.
Alternative Installation
Clone Full Repository
git clone https://github.com/agamm/claude-code-owasp.git
cp -r claude-code-owasp/.claude/skills/owasp-security YOUR_PROJECT/.claude/skills/Contributing
Contributions welcome! Please:
- Fork the repository
- Create a feature branch
- Submit a pull request
Sources
- OWASP Top 10:2025
- OWASP ASVS 5.0
- OWASP Top 10 for Agentic Applications 2026
- OWASP Cheat Sheet Series
License
MIT License - See LICENSE file for details.
Keywords: OWASP, security, Claude Code, AI security, application security, ASVS, secure coding, vulnerability, injection, XSS, CSRF, authentication, authorization