mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-11 18:13:43 +03:00
feat: add NIST CSF 2.0 nist_csf field to all 754 cybersecurity skills
Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions) based on subdomain and content analysis. Restores 11 skills corrupted during prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields. All 754 skills now carry structured mappings for all 5 security frameworks: - MITRE ATT&CK (in tags) - MITRE ATLAS v5.5 (atlas_techniques) - MITRE D3FEND v1.3 (d3fend_techniques) - NIST AI RMF 1.0 (nist_ai_rmf) - NIST CSF 2.0 (nist_csf)
This commit is contained in:
@@ -1,19 +1,30 @@
|
||||
---
|
||||
name: exploiting-api-injection-vulnerabilities
|
||||
description: >
|
||||
Tests APIs for injection vulnerabilities including SQL injection, NoSQL injection, OS command
|
||||
injection, LDAP injection, and Server-Side Request Forgery (SSRF) through API parameters,
|
||||
headers, and request bodies. The tester crafts malicious payloads targeting different backend
|
||||
technologies and injection contexts to extract data, execute commands, or access internal
|
||||
services. Maps to OWASP API8:2023 Security Misconfiguration and API7:2023 SSRF. Activates
|
||||
for requests involving API injection testing, SQLi in APIs, NoSQL injection, SSRF testing,
|
||||
or API input validation assessment.
|
||||
description: 'Tests APIs for injection vulnerabilities including SQL injection, NoSQL injection, OS command injection, LDAP
|
||||
injection, and Server-Side Request Forgery (SSRF) through API parameters, headers, and request bodies. The tester crafts
|
||||
malicious payloads targeting different backend technologies and injection contexts to extract data, execute commands, or
|
||||
access internal services. Maps to OWASP API8:2023 Security Misconfiguration and API7:2023 SSRF. Activates for requests involving
|
||||
API injection testing, SQLi in APIs, NoSQL injection, SSRF testing, or API input validation assessment.
|
||||
|
||||
'
|
||||
domain: cybersecurity
|
||||
subdomain: api-security
|
||||
tags: [api-security, owasp, injection, sqli, nosql, ssrf, command-injection]
|
||||
tags:
|
||||
- api-security
|
||||
- owasp
|
||||
- injection
|
||||
- sqli
|
||||
- nosql
|
||||
- ssrf
|
||||
- command-injection
|
||||
version: 1.0.0
|
||||
author: mahipal
|
||||
license: Apache-2.0
|
||||
nist_csf:
|
||||
- PR.PS-01
|
||||
- ID.RA-01
|
||||
- PR.DS-10
|
||||
- DE.CM-01
|
||||
---
|
||||
# Exploiting API Injection Vulnerabilities
|
||||
|
||||
|
||||
Reference in New Issue
Block a user