agamm/claude-code-owasp

# GitHub Repository: agamm/claude-code-owasp

**URL:** https://github.com/agamm/claude-code-owasp
**Author:** agamm
**Description:** Claude Code skill for OWASP security best practices (2025-2026). Includes Top 10:2025, ASVS 5.0, Agentic AI security, and 20+ language-specific security quirks.
**Homepage:** 
**Language:** 

## Stats
- Stars: 239
- Forks: 25
- Open Issues: 0
- Commits: 12
- Created: 2026-01-30T03:13:47Z
- Updated: 2026-06-18T00:20:21Z
- Pushed: 2026-06-16T05:27:16Z

## README
# OWASP Security Skill for Claude Code

[![Sponsor](https://readme-cash--readme-cash.us-central1.hosted.app/i/y3cj0enb1k.svg)](https://readme-cash--readme-cash.us-central1.hosted.app/c/y3cj0enb1k)

A Claude Code skill providing the latest OWASP security best practices (2025-2026) for developers building secure applications.

## Quick Install

The skill is a directory (`SKILL.md` plus on-demand `reference/` files), so install the whole
folder. The easiest way is [`degit`](https://github.com/Rich-Harris/degit), which copies a
GitHub subdirectory without the `.git` history:

```bash
npx degit agamm/claude-code-owasp/.claude/skills/owasp-security .claude/skills/owasp-security
```

Or install globally for all projects:

```bash
npx degit agamm/claude-code-owasp/.claude/skills/owasp-security ~/.claude/skills/owasp-security
```

## What's Included

### Claude Code Skill
Location: `.claude/skills/owasp-security/`

`SKILL.md` (the always-loaded core):
- **OWASP Top 10:2025** quick reference table
- **Security code review checklists** for input handling, auth, access control, data protection, and error handling
- **Secure code patterns** with unsafe/safe examples
- **OWASP Top 10 for LLM Applications (2025)** - LLM01-LLM10 risks for chatbots, RAG, and tool-calling apps
- **OWASP Agentic AI Security (2026)** - ASI01-ASI10 risks for AI agent systems
- **ASVS 5.0** key requirements by verification level
- **Deep security analysis mindset** for any language

`reference/` (loaded on demand, following Claude Code progressive-disclosure best practices):
- **`languages.md`** - language-specific security quirks for 20+ languages with unsafe/safe examples
- **`owasp-report.md`** - comprehensive deep-dive on every OWASP 2025-2026 standard

## Usage

Once installed, Claude Code automatically activates this skill when you:
- Review code for security vulnerabilities
- Implement authentication or authorization
- Handle user input or external data
- Work with cryptography or password storage
- Design API endpoints
- Build AI agent systems

### Example Prompts
```
"Review this code for security issues"
"Is this authentication implementation secure?"
"What are the security risks in this Python code?"
"Help me implement secure session management"
"Check this AI agent for OWASP agentic risks"
```

## Covered Standards

| Standard | Version | Focus |
|----------|---------|-------|
| OWASP Top 10 | 2025 | Web application vulnerabilities |
| OWASP ASVS | 5.0.0 | Security verification requirements |
| OWASP Top 10 for LLM Apps | 2025 | LLM/RAG/tool-calling app risks |
| OWASP Agentic | 2026 | AI agent security risks |

## Language Coverage

Security quirks for 20+ languages including:

| Web | Systems | Mobile | Scripting |
|-----|---------|--------|-----------|
| JavaScript/TypeScript | C/C++ | Swift | Python |
| PHP | Rust | Kotlin | Ruby |
| Java | Go | Dart | Perl |
| C# | | | Shell |

Each language section includes common vulnerabilities, unsafe/safe code patterns, and key functions to watch for.

## Alternative Installation

### Clone Full Repository
```bash
git clone https://github.com/agamm/claude-code-owasp.git
cp -r claude-code-owasp/.claude/skills/owasp-security YOUR_PROJECT/.claude/skills/
```

## Contributing

Contributions welcome! Please:
1. Fork the repository
2. Create a feature branch
3. Submit a pull request

## Sources

- [OWASP Top 10:2025](https://owasp.org/Top10/)
- [OWASP ASVS 5.0](https://owasp.org/www-project-application-security-verification-standard/)
- [OWASP Top 10 for LLM Applications 2025](https://genai.owasp.org/llm-top-10/)
- [OWASP Top 10 for Agentic Applications 2026](https://genai.owasp.org/)
- [OWASP Cheat Sheet Series](https://cheatsheetseries.owasp.org/)

## License

MIT License - See LICENSE file for details.

---

**Keywords:** OWASP, security, Claude Code, AI security, application security, ASVS, secure coding, vulnerability, injection, XSS, CSRF, authentication, authorization