mirror of
https://github.com/azaion/gps-denied-onboard.git
synced 2026-04-23 10:26:38 +00:00
Yuzviak
6ff14a1a7d
- Vendor local .claude/ command skills (autopilot, plan, implement, etc.) - Add CLAUDE.md pointing slash commands to .claude/commands/*/SKILL.md - Untrack docs-Lokal/ and ignore .planning/ for local-only planning docs - Include next_steps.md pulled from upstream Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
31 lines
818 B
Markdown
31 lines
818 B
Markdown
# Security Tests Template
|
|
|
|
Save as `DOCUMENT_DIR/tests/security-tests.md`.
|
|
|
|
---
|
|
|
|
```markdown
|
|
# Security Tests
|
|
|
|
### NFT-SEC-01: [Test Name]
|
|
|
|
**Summary**: [What security property this validates]
|
|
**Traces to**: AC-[ID], RESTRICT-[ID]
|
|
|
|
**Steps**:
|
|
|
|
| Step | Consumer Action | Expected Response |
|
|
|------|----------------|------------------|
|
|
| 1 | [attempt unauthorized access / injection / etc.] | [rejection / no data leak / etc.] |
|
|
|
|
**Pass criteria**: [specific security outcome]
|
|
```
|
|
|
|
---
|
|
|
|
## Guidance Notes
|
|
|
|
- Security tests at blackbox level focus on black-box attacks (unauthorized API calls, malformed input), not code-level vulnerabilities.
|
|
- Verify the system remains operational after security-related edge cases (no crash, no hang).
|
|
- Test authentication/authorization boundaries from the consumer's perspective.
|