mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-13 19:05:17 +03:00
Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
This commit is contained in:
@@ -0,0 +1,56 @@
|
||||
# API Reference: Testing for Business Logic Vulnerabilities
|
||||
|
||||
## requests Library
|
||||
|
||||
### Concurrent Testing (Race Conditions)
|
||||
```python
|
||||
import threading
|
||||
|
||||
def send_request():
|
||||
resp = requests.post(url, headers=headers, json=payload)
|
||||
results.append(resp.status_code)
|
||||
|
||||
threads = [threading.Thread(target=send_request) for _ in range(10)]
|
||||
for t in threads: t.start()
|
||||
for t in threads: t.join()
|
||||
```
|
||||
|
||||
## Business Logic Test Categories
|
||||
|
||||
### Price Manipulation Payloads
|
||||
| Test | Payload | Expected |
|
||||
|------|---------|----------|
|
||||
| Negative quantity | `{"quantity": -1}` | Should reject |
|
||||
| Zero price | `{"price": 0}` | Should reject |
|
||||
| Float quantity | `{"quantity": 0.001}` | Should reject for physical goods |
|
||||
| Integer overflow | `{"quantity": 2147483647}` | Should reject |
|
||||
| Negative price | `{"price": -99.99}` | Should reject |
|
||||
|
||||
### Workflow Bypass Tests
|
||||
1. Skip email verification -> access dashboard
|
||||
2. Skip payment -> confirm order
|
||||
3. Skip MFA -> access protected resources
|
||||
4. Repeat one-time steps (coupon, voucher)
|
||||
|
||||
### Race Condition Targets
|
||||
| Endpoint | Risk |
|
||||
|----------|------|
|
||||
| Coupon application | Applied multiple times |
|
||||
| Balance transfer | Double spending |
|
||||
| Reward claiming | Multiple claims |
|
||||
| Inventory purchase | Overselling |
|
||||
|
||||
### Referral/Reward Abuse
|
||||
- Self-referral with own email
|
||||
- Referral code reuse across accounts
|
||||
- Coupon stacking (multiple codes)
|
||||
- Earn points -> cancel order -> keep points
|
||||
|
||||
## OWASP Category
|
||||
- A04:2021 - Insecure Design
|
||||
- Business logic flaws are not detectable by automated scanners
|
||||
|
||||
## References
|
||||
- OWASP Testing Business Logic: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/
|
||||
- PortSwigger Business Logic: https://portswigger.net/web-security/logic-flaws
|
||||
- requests docs: https://docs.python-requests.org/
|
||||
Reference in New Issue
Block a user