Web Vulnerability Assessment
by @krishnakumarmahadevan-cmd
Generate comprehensive web application vulnerability assessments with OWASP-aligned checklists, remediation guides, and testing scripts. Use when assessing w...
clawhub install web-vulnerability-assessmentπ About This Skill
name: web-vulnerability-assessment description: Generate comprehensive web application vulnerability assessments with OWASP-aligned checklists, remediation guides, and testing scripts. Use when assessing web app security, OWASP Top 10 compliance, penetration test scoping, application security review, API security assessment, or vulnerability remediation planning. version: 1.0.0 homepage: https://portal.toolweb.in metadata: openclaw: emoji: "π·οΈ" requires: env: - TOOLWEB_API_KEY bins: - curl primaryEnv: TOOLWEB_API_KEY os: - linux - darwin - win32 category: security
Web Vulnerability Assessment π·οΈπ‘οΈ
Generate comprehensive web application vulnerability assessments aligned to OWASP Top 10 and major compliance frameworks. Covers 19 vulnerability categories across 100+ individual checks. Returns a full assessment report, security checklist, remediation guide, and optional testing scripts tailored to your technology stack.
Built by a CISSP/CISM certified security professional at ToolWeb.in
When to Use
Prerequisites
TOOLWEB_API_KEY β Get your API key from portal.toolweb.incurl must be available on the systemCRITICAL: Always Call the API
API Endpoint
POST https://portal.toolweb.in/apis/security/web-vuln-assessment
19 Vulnerability Categories
| Key | Category | Severity | OWASP | |-----|----------|----------|-------| | injection | Injection Vulnerabilities | CRITICAL | A03:2021 | | authentication | Broken Authentication & Session Management | HIGH | A07:2021 | | data_exposure | Sensitive Data Exposure | HIGH | A02:2021 | | misconfiguration | Security Misconfiguration | MEDIUM | A05:2021 | | xml_vulnerabilities | XML Vulnerabilities | HIGH | β | | access_control | Broken Access Control | HIGH | A01:2021 | | deserialization | Insecure Deserialization | HIGH | A08:2021 | | api_security | API Security | HIGH | β | | communication | Insecure Communication | MEDIUM | β | | client_side | Client-Side Vulnerabilities | MEDIUM | β | | dos | Denial of Service | MEDIUM | β | | ssrf | Server-Side Request Forgery | HIGH | A10:2021 | | auth_bypass | Authentication Bypass | CRITICAL | β | | content_spoofing | Content Spoofing | MEDIUM | β | | business_logic | Business Logic Flaws | HIGH | β | | zero_day | Zero-Day Patterns | CRITICAL | β | | mobile | Mobile App Vulnerabilities | HIGH | β | | iot | IoT Vulnerabilities | HIGH | β | | other | Other Vulnerabilities | MEDIUM | β |
Supported Technologies
php, nodejs, python, java, dotnet, ruby, react, angular, vue, wordpress, mysql, postgresql, mongodb, redis, docker, kubernetes, aws, azure, nginx, apache
Compliance Frameworks
owasp_top_10, pci_dss, gdpr, hipaa
Workflow
1. Gather inputs from the user:
Required:
- organization_name β Organization name
- application_name β Name of the application being assessed
- application_type β Type of app (e.g., "Web Application", "REST API", "Single Page App", "E-commerce Platform", "CMS", "Mobile Backend")
- technology_stack β Technologies used (e.g., ["python", "react", "postgresql", "docker", "aws"])
- deployment_environment β Where it's deployed (e.g., "Cloud (AWS)", "Cloud (Azure)", "On-Premise", "Hybrid", "Containerized")
- assessment_scope β Which vulnerability categories to assess (e.g., ["injection", "authentication", "data_exposure", "api_security"] or use all categories for a full assessment)
Optional:
- compliance_frameworks β Compliance mapping (e.g., ["owasp_top_10", "pci_dss"]) (default: [])
- include_remediation β Include remediation guides (default: true)
- include_testing_scripts β Include testing procedures (default: false)
- assessor_name β Name of the assessor (optional)
2. Call the API:
curl -s -X POST "https://portal.toolweb.in/apis/security/web-vuln-assessment" \
-H "Content-Type: application/json" \
-H "X-API-Key: $TOOLWEB_API_KEY" \
-d '{
"organization_name": "",
"application_name": "",
"application_type": "",
"technology_stack": ["", ""],
"deployment_environment": "",
"compliance_frameworks": ["owasp_top_10"],
"assessment_scope": ["injection", "authentication", "data_exposure", "access_control", "api_security"],
"include_remediation": true,
"include_testing_scripts": false
}'
3. Parse the response. The API returns:
- assessment_html β Full vulnerability assessment report
- checklist_html β Security testing checklist
- remediation_html β Remediation guide with fix recommendations
- testing_scripts_html β Testing procedures (if requested)
- generated_at β Timestamp
The response is in HTML format. Extract the key findings, risk ratings, and recommendations to present to the user in a readable format.
4. Present results with prioritized findings by severity.
Output Format
π·οΈ Web Vulnerability Assessment
βββββββββββββββββββββββββββββββApplication: [app_name]
Tech Stack: [technologies]
Scope: [categories assessed]
Compliance: [frameworks]
π΄ CRITICAL Findings:
[List critical vulnerabilities found]
π HIGH Findings:
[List high-severity vulnerabilities]
π‘ MEDIUM Findings:
[List medium-severity vulnerabilities]
π Security Checklist:
[Key checks and their status]
π§ Top Remediation Actions:
1. [Fix] β Severity: Critical
2. [Fix] β Severity: High
3. [Fix] β Severity: High
π Full report powered by ToolWeb.in
Error Handling
TOOLWEB_API_KEY is not set: Tell the user to get an API key from https://portal.toolweb.inExample Interaction
User: "Assess the security of our Python/React e-commerce app on AWS"
Agent flow: 1. Ask: "What's the application name? And which areas should I focus on β full assessment or specific categories like injection, authentication, API security?" 2. User responds: "It's called ShopFast. Full assessment please, map to OWASP and PCI DSS." 3. Call API:
curl -s -X POST "https://portal.toolweb.in/apis/security/web-vuln-assessment" \
-H "Content-Type: application/json" \
-H "X-API-Key: $TOOLWEB_API_KEY" \
-d '{
"organization_name": "ShopFast Inc",
"application_name": "ShopFast E-commerce",
"application_type": "E-commerce Platform",
"technology_stack": ["python", "react", "postgresql", "redis", "docker", "aws"],
"deployment_environment": "Cloud (AWS)",
"compliance_frameworks": ["owasp_top_10", "pci_dss"],
"assessment_scope": ["injection", "authentication", "data_exposure", "misconfiguration", "access_control", "api_security", "communication", "client_side", "ssrf", "business_logic"],
"include_remediation": true,
"include_testing_scripts": false
}'
4. Present findings by severity, checklist, and remediation prioritiesPricing
About
Created by ToolWeb.in β a security-focused MicroSaaS platform with 200+ security APIs, built by a CISSP & CISM certified professional. Trusted by security teams in USA, UK, and Europe and we have platforms for "Pay-per-run", "API Gateway", "MCP Server", "OpenClaw", "RapidAPI" for execution and YouTube channel for demos.
Related Skills
Tips
include_testing_scripts for penetration testing teamsβ‘ When to Use
βοΈ Configuration
TOOLWEB_API_KEY β Get your API key from portal.toolweb.incurl must be available on the systemπ Tips & Best Practices
include_testing_scripts for penetration testing teams