skills.homes logoskills.homescapability registry
home/categories/testing-security
domain cluster

Testing & Security

QA, penetration testing, and code quality.

9326 스킬all categories
sorting
stars
current ordering strategy
query
all entries
refine the visible subset
security
4.2K

implementing-api-gateway-security-controls

Implements security controls at the API gateway layer including authentication enforcement, rate limiting, request validation, IP allowlisting, TLS termination, and threat protection. The engineer configures API gateways (Kong, AWS API Gateway, Azure APIM, Apigee) to act as a centralized security enforcement point that validates, throttles, and monitors all API traffic before it reaches backend services. Activates for requests involving API gateway security, API management security, gateway authentication, or centralized API protection.

mukul975
mukul975
testing-security
open
security
4.2K

implementing-api-key-security-controls

Implements secure API key generation, storage, rotation, and revocation controls to protect API authentication credentials from leakage, brute force, and abuse. The engineer designs API key formats with sufficient entropy, implements secure hashing for storage, enforces per-key scoping and rate limiting, monitors for leaked keys in public repositories, and builds key rotation workflows. Activates for requests involving API key management, API key security, key rotation policy, or API credential protection.

mukul975
mukul975
testing-security
open
security
4.2K

implementing-api-schema-validation-security

Implement API schema validation using OpenAPI specifications and JSON Schema to enforce input/output contracts and prevent injection, data exposure, and mass assignment attacks.

mukul975
mukul975
testing-security
open
security
4.2K

implementing-api-threat-protection-with-apigee

Implement API threat protection using Google Apigee policies including JSON/XML threat protection, OAuth 2.0, SpikeArrest, and Advanced API Security for OWASP Top 10 defense.

mukul975
mukul975
testing-security
open
security
4.2K

implementing-application-whitelisting-with-applocker

Implements application whitelisting using Windows AppLocker to restrict unauthorized software execution on endpoints, reducing attack surface from malware, unauthorized tools, and shadow IT. Use when enforcing application control policies, meeting compliance requirements for software restriction, or preventing execution of unsigned or untrusted binaries. Activates for requests involving AppLocker, application whitelisting, software restriction, or executable control.

mukul975
mukul975
testing-security
open
security
4.2K

implementing-aws-iam-permission-boundaries

Configure IAM permission boundaries in AWS to delegate role creation to developers while enforcing maximum privilege limits set by the security team.

mukul975
mukul975
testing-security
open
security
4.2K

implementing-aws-nitro-enclave-security

Implements AWS Nitro Enclave-based confidential computing environments with cryptographic attestation, KMS policy integration using PCR-based condition keys, and secure vsock communication channels. The practitioner builds enclave images, configures attestation-aware KMS policies, validates attestation documents against the AWS Nitro PKI root of trust, and establishes isolated computation pipelines for processing sensitive data such as PII, cryptographic keys, and healthcare records. Activates for requests involving Nitro Enclave setup, enclave attestation validation, confidential computing on AWS, or KMS enclave policy configuration.

mukul975
mukul975
testing-security
open
security
4.2K

implementing-aws-security-hub-compliance

Implementing AWS Security Hub to aggregate security findings across AWS accounts, enable compliance standards like CIS AWS Foundations and PCI DSS, configure automated remediation with EventBridge and Lambda, and create custom security insights for organizational risk management.

mukul975
mukul975
testing-security
open
security
4.2K

implementing-aws-security-hub

This skill covers deploying AWS Security Hub as a centralized cloud security posture management platform that aggregates findings from GuardDuty, Inspector, Macie, and third-party tools. It details enabling security standards like CIS AWS Foundations Benchmark, configuring automated remediation, and building executive dashboards for compliance tracking across multi-account AWS organizations.

mukul975
mukul975
testing-security
open
security
4.2K

implementing-beyondcorp-zero-trust-access-model

Implementing Google's BeyondCorp zero trust access model to eliminate implicit trust from the network perimeter, enforce identity-aware access controls using IAP, Access Context Manager, and Chrome Enterprise Premium for VPN-less secure application access.

mukul975
mukul975
testing-security
open
security
4.2K

implementing-browser-isolation-for-zero-trust

Deploys remote browser isolation (RBI) as a core component of a Zero Trust architecture. Implements isolation policies with URL categorization and risk-based routing, content disarming and reconstruction (CDR) for file sanitization, data loss prevention controls within isolated sessions, and integration with Secure Web Gateway and ZTNA platforms. Based on Cloudflare Browser Isolation, Menlo Security, and Zscaler RBI approaches. Use when hardening web access against zero-day exploits, phishing, credential theft, and browser-based data exfiltration.

mukul975
mukul975
testing-security
open
security
4.2K

implementing-canary-tokens-for-network-intrusion

Deploys DNS, HTTP, and AWS API key canary tokens across network infrastructure to detect unauthorized access and lateral movement. Integrates with webhook alerting (Slack, Teams, email, generic HTTP) for real-time intrusion notifications. Provides automated token generation, placement strategies, and monitoring for enterprise network environments. Use when building deception-based network intrusion detection with Canarytokens.org and Thinkst Canary platforms.

mukul975
mukul975
testing-security
open
security
4.2K

implementing-cisa-zero-trust-maturity-model

Implement the CISA Zero Trust Maturity Model v2.0 across the five pillars of identity, devices, networks, applications, and data to achieve progressive organizational zero trust maturity.

mukul975
mukul975
testing-security
open
security
4.2K

implementing-cloud-workload-protection

Implements cloud workload protection using boto3 and google-cloud APIs for runtime security monitoring, process anomaly detection, and file integrity checking on EC2/GCE instances. Scans for cryptomining, reverse shells, and unauthorized binaries. Use when building runtime security controls for cloud compute workloads.

mukul975
mukul975
testing-security
open
security
4.2K

implementing-conditional-access-policies-azure-ad

Configure Microsoft Entra ID (Azure AD) Conditional Access policies for zero trust access control. Covers signal-based policy design, device compliance requirements, risk-based authentication, named l

mukul975
mukul975
testing-security
open
security
4.2K

implementing-ddos-mitigation-with-cloudflare

Configure Cloudflare DDoS protection with managed rulesets, rate limiting, WAF rules, Bot Management, and origin protection to mitigate volumetric, protocol, and application-layer attacks.

mukul975
mukul975
testing-security
open
security
4.2K

implementing-device-posture-assessment-in-zero-trust

Implementing device posture assessment as a zero trust access control by integrating endpoint health signals from CrowdStrike ZTA, Microsoft Intune, and Jamf into conditional access policies that enforce compliance before granting resource access.

mukul975
mukul975
testing-security
open
security
4.2K

implementing-digital-signatures-with-ed25519

Ed25519 is a high-performance digital signature algorithm using the Edwards curve Curve25519. It provides 128-bit security with 64-byte signatures and 32-byte keys, offering significant advantages ove

mukul975
mukul975
testing-security
open
security
4.2K

implementing-disk-encryption-with-bitlocker

Implements full disk encryption using Microsoft BitLocker on Windows endpoints to protect data at rest from unauthorized access in case of device loss or theft. Use when deploying encryption for compliance requirements, securing mobile workstations, or implementing data protection controls across the enterprise. Activates for requests involving BitLocker encryption, disk encryption, TPM configuration, or data-at-rest protection.

mukul975
mukul975
testing-security
open
security
4.2K

implementing-dmarc-dkim-spf-email-security

SPF, DKIM, and DMARC form the three pillars of email authentication. Together they prevent domain spoofing, validate message integrity, and define policies for handling unauthenticated mail. Proper im

mukul975
mukul975
testing-security
open
security
4.2K

implementing-dragos-platform-for-ot-monitoring

Deploy and configure the Dragos Platform for OT network monitoring, leveraging its 600+ industrial protocol parsers, intelligence-driven threat detection analytics, and asset visibility capabilities to protect ICS environments against threat groups like VOLTZITE, GRAPHITE, and BAUXITE.

mukul975
mukul975
testing-security
open
security
4.2K

implementing-email-sandboxing-with-proofpoint

Email sandboxing detonates suspicious attachments and URLs in isolated environments to detect zero-day malware and evasive phishing payloads. Proofpoint Targeted Attack Protection (TAP) is an industry

mukul975
mukul975
testing-security
open
Previous
Page 44 / 389
Next