creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-26 03:34:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal

Browse Source 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
This commit is contained in:
mukul975
2026-03-11 00:22:12 +01:00
parent 27c6414ca5
commit c21af3347e
1244 changed files with 61622 additions and 723 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/testing-api-for-mass-assignment-vulnerability/references/api-reference.md
+52
View File
@@ -0,0 +1,52 @@
# API Reference: Testing API for Mass Assignment Vulnerability
## Privilege Field Categories
| Category | Example Fields | Impact |
|----------|---------------|--------|
| Role elevation | role, userRole, account_type | Admin access |
| Admin flags | isAdmin, is_superuser | Full privileges |
| Permissions | permissions, scopes, groups | Arbitrary access |
| Account status | verified, is_active | Bypass verification |
| Financial | balance, credit, discount, price | Monetary fraud |
| Ownership | user_id, owner_id | Data theft |
| Internal | debug, is_featured | Hidden features |
## Framework-Specific Payloads
| Framework | Payload Pattern |
|-----------|----------------|
| Rails/ActiveRecord | `{"user": {"role": "admin"}}` |
| Django REST | `{"is_staff": true, "is_superuser": true}` |
| Express/Mongoose | `{"$set": {"role": "admin"}}` |
| Spring Boot | `{"authorities": [{"authority": "ROLE_ADMIN"}]}` |
## OWASP API3:2023 Mitigations
| Mitigation | Description |
|-----------|-------------|
| DTO/Input Schema | Explicit allowed fields per endpoint |
| Strong parameters | Framework allowlist (Rails) |
| Serializer fields | Django REST serializer definition |
| Property filter | Drop unknown fields before binding |
## Test Tools
| Tool | Purpose |
|------|---------|
| Burp Repeater | Manual parameter injection |
| Param Miner (Burp) | Hidden parameter discovery |
| Arjun | Automated parameter fuzzing |
| Postman | Request body manipulation |
## Python Libraries
| Library | Version | Purpose |
|---------|---------|---------|
| `requests` | >=2.28 | HTTP API calls |
| `json` | stdlib | Payload construction |
## References
- OWASP API3:2023: https://owasp.org/API-Security/editions/2023/en/0xa3-broken-object-property-level-authorization/
- Param Miner: https://portswigger.net/bappstore/17d2949a985c4b7ca092728dba871943