Hve-core owasp-top-10

OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core.

install
source · Clone the upstream repo
git clone https://github.com/microsoft/hve-core
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/microsoft/hve-core "$T" && mkdir -p ~/.claude/skills && cp -r "$T/.github/skills/security/owasp-top-10" ~/.claude/skills/microsoft-hve-core-owasp-top-10 && rm -rf "$T"
manifest: .github/skills/security/owasp-top-10/SKILL.md
source content

OWASP® Top 10 — Skill Entry

This SKILL.md is the entrypoint for the OWASP Top 10 skill.

The skill encodes the OWASP Top 10 for Web Applications (2025) as structured, machine-readable references that an agent can query to identify, assess, and remediate web application security risks.

Normative references (Web Top 10)

  1. 00 Vulnerability Index
  2. 01 Broken Access Control
  3. 02 Security Misconfiguration
  4. 03 Software Supply Chain Failures
  5. 04 Cryptographic Failures
  6. 05 Injection
  7. 06 Insecure Design
  8. 07 Authentication Failures
  9. 08 Software or Data Integrity Failures
  10. 09 Security Logging and Alerting Failures
  11. 10 Mishandling of Exceptional Conditions

Skill layout

  • SKILL.md — this file (skill entrypoint).
  • references/ — the Web Top 10 normative documents.
    • 00-vulnerability-index.md — index of all vulnerability identifiers, categories, and cross-references.
    • 01 through 10 — one document per vulnerability aligned with OWASP Web Application Security numbering.

Third-Party Attribution

Copyright © OWASP Foundation.
OWASP® Top 10 (2025) content is derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0/).
Source: https://owasp.org/Top10/2025/
Modifications: Vulnerability descriptions restructured into agent-consumable reference documents with added detection and remediation guidance.
OWASP® is a registered trademark of the OWASP Foundation. Use does not imply endorsement.


🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.