
Owasp Infrastructure
Look up OWASP Infrastructure Security Top 10 (2024) IDs, titles, and categories when reviewing or hardening production infrastructure.
Install
npx skills add https://github.com/microsoft/hve-core --skill owasp-infrastructure
What is this skill?
- Indexed catalog of OWASP Infrastructure Security Top 10 (2024) entries ISR01–ISR09
- Maps each ID to title and primary category (patch, observability, configuration, access control, and more)
- Cross-reference anchor for Microsoft HVE-core infrastructure security workflows
- Structured table for agents citing the correct ISR identifier in findings
- Covers credential hygiene, cryptography, network access, and information leakage categories
Adoption & trust: 28 installs on skills.sh; 1.1k GitHub stars; 3/3 security scanners passed (skills.sh audits).
Common Questions / FAQ
Is Owasp Infrastructure safe to install?
skills.sh reports 3 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.
SKILL.md - Owasp Infrastructure
# 00 Vulnerability Index

This document provides the index for the OWASP Infrastructure Security Top 10 (2024) vulnerabilities. Each entry includes its identifier, title, and primary category.

## Vulnerability catalog

| ID         | Title                                                   | Category                 |
|------------|---------------------------------------------------------|--------------------------|
| ISR01:2024 | Outdated Software                                       | Patch Management         |
| ISR02:2024 | Insufficient Threat Detection                           | Observability            |
| ISR03:2024 | Insecure Configurations                                 | Configuration Management |
| ISR04:2024 | Insecure Resource and User Management                   | Access Control           |
| ISR05:2024 | Insecure Use of Cryptography                            | Data Protection          |
| ISR06:2024 | Insecure Network Access Management                      | Network Security         |
| ISR07:2024 | Insecure Authentication Methods and Default Credentials | Credential Hygiene       |
| ISR08:2024 | Information Leakage                                     | Data Protection          |
| ISR09:2024 | Insecure Access to Resources and Management Components  | Access Control           |
| ISR10:2024 | Insufficient Asset Management and Documentation         | Governance               |

## Cross-reference matrix

Each vulnerability document follows a consistent structure:

1. Description — what the vulnerability is and how it manifests in internal infrastructure.
2. Risk — concrete consequences of exploitation and business impact.
3. Vulnerability checklist — indicators that the environment is exposed.
4. Prevention controls — defensive measures and rectification steps.
5. Example attack scenarios — realistic exploitation narratives.
6. Detection guidance — signals and methods to identify exposure.
7. Remediation — immediate and long-term actions to contain and resolve.

## Category groupings

### Patch Management

* ISR01:2024 Outdated Software

### Observability

* ISR02:2024 Insufficient Threat Detection

### Configuration Management

* ISR03:2024 Insecure Configurations

### Access Control

* ISR04:2024 Insecure Resource and User Management
* ISR09:2024 Insecure Access to Resources and Management Components

### Data Protection

* ISR05:2024 Insecure Use of Cryptography
* ISR08:2024 Information Leakage

### Network Security

* ISR06:2024 Insecure Network Access Management

### Credential Hygiene

* ISR07:2024 Insecure Authentication Methods and Default Credentials

### Governance

* ISR10:2024 Insufficient Asset Management and Documentation

---

*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*

---
title: 'ISR01: Outdated Software'
description: OWASP Infrastructure Top 10 reference for outdated software vulnerabilities including unpatched systems and end-of-life components
---

# 01 Outdated Software

Identifier: ISR01:2024

Category: Patch Management

## Description

Outdated software occurs when software components, including libraries and dependencies, are not kept on current, stable, and supported versions. Updates frequently include security-relevant patches, meaning unpatched software may contain vulnerabilities in its current version state. These vulnerabilities are often publicly known and can be discovered by security scanners. Due to the lack of updates and update management, many software components and underlying systems become vulnerable over time, with increasing criticality as time passes.

## Risk

* Vulnerabilities ranging from low criticality to full system compromise.
* Severity and count of vulnerabilities in