{"skill":{"slug":"bookforge-access-control-vulnerability-testing","displayName":"Access Control Vulnerability Testing","summary":"Systematically test web application access controls for broken authorization vulnerabilities. Use this skill whenever: performing a penetration test or secur...","tags":{"access-control":"1.0.0","appsec":"1.0.0","authorization":"1.0.0","bookforge":"1.0.0","broken-access-control":"1.0.0","burp-suite":"1.0.0","cwe-284":"1.0.0","cwe-285":"1.0.0","cwe-639":"1.0.0","cwe-862":"1.0.0","cwe-863":"1.0.0","http-methods":"1.0.0","idor":"1.0.0","latest":"1.0.0","multistage-process":"1.0.0","owasp":"1.0.0","penetration-testing":"1.0.0","platform-misconfiguration":"1.0.0","privilege-escalation":"1.0.0","static-files":"1.0.0"},"stats":{"comments":0,"downloads":34,"installsAllTime":0,"installsCurrent":0,"stars":0,"versions":1},"createdAt":1777288086605,"updatedAt":1777288907178},"latestVersion":{"version":"1.0.0","createdAt":1777288086605,"changelog":"Initial release: Comprehensive skill for systematically identifying broken access control vulnerabilities in web applications.\n\n- Covers detection and reporting of vertical and horizontal privilege escalations, IDOR, static file exposure, multistage workflow bypasses, and insecure access models.\n- Aligned with OWASP Testing Guide and relevant CWE categories (CWE-284, CWE-285, CWE-639, CWE-862, CWE-863).\n- Supports both white-box (code review) and black-box (proxy/traffic analysis) methodologies.\n- Integrates with tools like Burp Suite for automated and manual test workflows.\n- Delivers structured findings with evidence, impact analysis, CWE mapping, and remediation recommendations.","license":"MIT-0"},"metadata":{"os":null,"systems":null},"owner":{"handle":"quochungto","userId":"s176b6gfk8djgcz320d83ta4e184bx1v","displayName":"Hung Quoc To","image":"https://avatars.githubusercontent.com/u/88069966?v=4"},"moderation":null}