feat: add NIST CSF 2.0 nist_csf field to all 754 cybersecurity skills

Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions)
based on subdomain and content analysis. Restores 11 skills corrupted during
prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields.

All 754 skills now carry structured mappings for all 5 security frameworks:
- MITRE ATT&CK (in tags)
- MITRE ATLAS v5.5 (atlas_techniques)
- MITRE D3FEND v1.3 (d3fend_techniques)
- NIST AI RMF 1.0 (nist_ai_rmf)
- NIST CSF 2.0 (nist_csf)
This commit is contained in:
mukul975
2026-04-06 11:17:31 +02:00
parent e8105a2f4d
commit efca3ec611
754 changed files with 12847 additions and 2832 deletions
@@ -1,19 +1,30 @@
---
name: exploiting-api-injection-vulnerabilities
description: >
Tests APIs for injection vulnerabilities including SQL injection, NoSQL injection, OS command
injection, LDAP injection, and Server-Side Request Forgery (SSRF) through API parameters,
headers, and request bodies. The tester crafts malicious payloads targeting different backend
technologies and injection contexts to extract data, execute commands, or access internal
services. Maps to OWASP API8:2023 Security Misconfiguration and API7:2023 SSRF. Activates
for requests involving API injection testing, SQLi in APIs, NoSQL injection, SSRF testing,
or API input validation assessment.
description: 'Tests APIs for injection vulnerabilities including SQL injection, NoSQL injection, OS command injection, LDAP
injection, and Server-Side Request Forgery (SSRF) through API parameters, headers, and request bodies. The tester crafts
malicious payloads targeting different backend technologies and injection contexts to extract data, execute commands, or
access internal services. Maps to OWASP API8:2023 Security Misconfiguration and API7:2023 SSRF. Activates for requests involving
API injection testing, SQLi in APIs, NoSQL injection, SSRF testing, or API input validation assessment.
'
domain: cybersecurity
subdomain: api-security
tags: [api-security, owasp, injection, sqli, nosql, ssrf, command-injection]
tags:
- api-security
- owasp
- injection
- sqli
- nosql
- ssrf
- command-injection
version: 1.0.0
author: mahipal
license: Apache-2.0
nist_csf:
- PR.PS-01
- ID.RA-01
- PR.DS-10
- DE.CM-01
---
# Exploiting API Injection Vulnerabilities