Security & Compliance Mastery
Move from basic auth checks to audit-ready security engineering with OWASP web/API testing, dependency scanning, and compliance control validation.
Learning Objectives
- Apply web and API security testing patterns consistently
- Build automated compliance evidence workflows
- Integrate CI security quality gates for release protection
Prerequisites
- Intermediate API testing
- Basic auth concepts
- CI access
Prompts in this Collection
1. OWASP API Security Top 10 Test Suite
   Generate security tests covering OWASP API Security Top 10: broken auth, excessive data exposure, injection, and more.
   Start with API-level risk coverage across OWASP categories.
   advanced, jest
2. OWASP Web Top 10 Playwright Security Suite
   Exercise web-focused OWASP risks beyond API-only security checks.
   Extend into browser-based threat scenarios and secure-header validation.
   advanced, playwright
3. Security Code Review Checklist Prompt
   Generate structured security review findings for pull requests.
   Operationalize secure PR review as a repeatable gate.
   intermediate, generic
4. SOC 2 Control Validation Test Plan
   Produce audit-ready tests mapped to SOC 2 control families.
   Map security implementation to auditable control evidence.
   advanced, generic
5. GitHub Actions Dependency Scanning Gate
   Block releases with unresolved high/critical dependency vulnerabilities.
   Automate dependency risk blocking before release.
   beginner, github-actions