{"skill":{"slug":"bookforge-source-code-security-review","displayName":"Source Code Security Review","summary":"Perform a systematic white-box security review of web application source code to find exploitable vulnerabilities. Use this skill when: you have authorized a...","tags":{"appsec":"1.0.0","aspnet":"1.0.0","backdoor":"1.0.0","bookforge":"1.0.0","buffer-overflow":"1.0.0","code-review":"1.0.0","command-injection":"1.0.0","cwe-120":"1.0.0","cwe-134":"1.0.0","cwe-22":"1.0.0","cwe-601":"1.0.0","cwe-78":"1.0.0","cwe-79":"1.0.0","cwe-798":"1.0.0","cwe-89":"1.0.0","java":"1.0.0","javascript":"1.0.0","latest":"1.0.0","open-redirect":"1.0.0","path-traversal":"1.0.0","penetration-testing":"1.0.0","perl":"1.0.0","php":"1.0.0","source-code-analysis":"1.0.0","sql-injection":"1.0.0","white-box-testing":"1.0.0","xss":"1.0.0"},"stats":{"comments":0,"downloads":28,"installsAllTime":0,"installsCurrent":0,"stars":0,"versions":1},"createdAt":1777463006518,"updatedAt":1777463209283},"latestVersion":{"version":"1.0.0","createdAt":1777463006518,"changelog":"Initial release — introduces a structured, methodology-driven skill for white-box source code security review:\n\n- Systematically analyzes web application source code to identify vulnerabilities across 8 critical categories (XSS, SQL injection, path traversal, open redirect, OS command injection, backdoor credentials, native code issues, incriminating comments).\n- Uses a three-phase workflow: (1) map user-input entry points; (2) trace data flow to dangerous sink APIs; (3) perform line-by-line review of high-risk components.\n- Supports major web platforms (Java, ASP.NET, PHP, Perl, JavaScript) and covers both server-side and client-side code.\n- Includes review of database stored procedures, environment configuration files, and custom application wrappers.\n- Outputs a prioritized, evidence-based findings report mapped to relevant CWE identifiers.\n- Designed for penetration testers, appsec engineers, and experienced developers conducting authorized security audits.","license":"MIT-0"},"metadata":{"os":null,"systems":null},"owner":{"handle":"quochungto","userId":"s176b6gfk8djgcz320d83ta4e184bx1v","displayName":"Hung Quoc To","image":"https://avatars.githubusercontent.com/u/88069966?v=4"},"moderation":null}