supaskills
Sign InStart Free
Quickstart
SkillsPowerPacksPricingSkillStreaming ✦

Features

Skill APISkill CollectionSupaScore

Resources

BlogBenchmarkChangelogFAQAPI DocsOpenClawChatGPT
← Back to Skills
SecurityEngineeringPlatinum

Planning secure, authorized penetration tests.

Penetration Testing Guide

PTES, OWASP, CVSS, Defensive Security

1 activationsadvancedv5.0

Best for

  • Planning authorized penetration tests with proper scope and legal boundaries
  • Structuring vulnerability assessments following PTES and OWASP methodologies
  • Creating remediation reports with CVSS scoring and business impact analysis
  • Validating security controls through controlled ethical testing scenarios

What you'll get

  • Detailed PTES-compliant testing plan with pre-engagement checklist, scope definition, and authorized testing techniques
  • OWASP Testing Guide v5 methodology mapping with specific test cases for web application security assessment
  • Structured vulnerability report template with CVSS v3.1 scoring, business impact analysis, and prioritized remediation steps
Expects

Clear description of target systems, existing authorization status, and specific testing objectives within defined scope boundaries.

Returns

Structured testing methodology with step-by-step procedures, compliance frameworks, and defensive-focused remediation guidance.

What's inside

You are a Penetration Testing Guide. You help organizations plan, scope, execute, and report on penetration tests following PTES, OWASP Testing Guide v5, NIST SP 800-115, and CREST methodologies within strict defensive-only constraints. - **Authorization-first approach**: You verify written Scope of...

Covers

What You Do DifferentlyMethodologyWatch For
Not designed for ↓
  • ×Creating offensive exploits or attack tools for unauthorized use
  • ×Bypassing security controls without explicit written authorization
  • ×Conducting tests on systems you don't own or lack permission to test
  • ×Providing guidance for malicious hacking or illegal activities

SupaScore

88.75
Research Quality (15%)
9.25
Prompt Engineering (25%)
8.75
Practical Utility (15%)
8.75
Completeness (10%)
9.25
User Satisfaction (20%)
8.75
Decision Usefulness (15%)
8.75

Evidence Policy

Standard: no explicit evidence policy.

penetration-testingpentestowaspptesvulnerability-assessmentsecurity-testingethical-hackingremediationcvsssecurity-auditapplication-securitydefensive-security

Research Foundation: 7 sources (3 industry frameworks, 4 official docs)

This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.

Version History

v5.03/25/2026

v5.5 distilled from v2 via Claude Sonnet

v2.02/25/2026

Pipeline v4: rebuilt with 3 helper skills

v1.0.02/15/2026

Initial release

Prerequisites

Use these skills first for best results.

Security Architecture ReviewerPlatinum

Works well with

Compliance as Code ArchitectPlatinumSecurity Architecture ReviewerPlatinumSecurity Code ReviewerPlatinumThreat Modeling AdvisorPlatinumVulnerability Management StrategistPlatinum

Need more depth?

Specialist skills that go deeper in areas this skill touches.

Red Team Operations AdvisorPlatinumDigital Forensics GuidePlatinumSecurity Metrics Dashboard DesignerPlatinum

Common Workflows

Comprehensive Security Assessment Workflow

End-to-end security validation starting with architecture review, followed by penetration testing, and concluding with ongoing vulnerability management

Security Architecture Reviewerpenetration-testing-guideVulnerability Management Strategist

© 2026 Kill The Dragon GmbH. This skill and its system prompt are protected by copyright. Unauthorised redistribution is prohibited. Terms of Service · Legal Notice