feat: add NIST CSF 2.0 nist_csf field to all 754 cybersecurity skills

Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions)
based on subdomain and content analysis. Restores 11 skills corrupted during
prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields.

All 754 skills now carry structured mappings for all 5 security frameworks:
- MITRE ATT&CK (in tags)
- MITRE ATLAS v5.5 (atlas_techniques)
- MITRE D3FEND v1.3 (d3fend_techniques)
- NIST AI RMF 1.0 (nist_ai_rmf)
- NIST CSF 2.0 (nist_csf)
This commit is contained in:
mukul975
2026-04-06 11:17:31 +02:00
parent e8105a2f4d
commit efca3ec611
754 changed files with 12847 additions and 2832 deletions
@@ -1,18 +1,28 @@
---
name: exploiting-excessive-data-exposure-in-api
description: >
Tests APIs for excessive data exposure where endpoints return more data than the client
application needs, relying on the frontend to filter sensitive fields. The tester intercepts
API responses and analyzes them for leaked PII, internal identifiers, debug information,
or sensitive business data that the UI does not display but the API transmits. This maps to
OWASP API3:2023 Broken Object Property Level Authorization. Activates for requests involving
API data leakage testing, excessive data exposure, response filtering bypass, or API over-fetching.
description: 'Tests APIs for excessive data exposure where endpoints return more data than the client application needs, relying
on the frontend to filter sensitive fields. The tester intercepts API responses and analyzes them for leaked PII, internal
identifiers, debug information, or sensitive business data that the UI does not display but the API transmits. This maps
to OWASP API3:2023 Broken Object Property Level Authorization. Activates for requests involving API data leakage testing,
excessive data exposure, response filtering bypass, or API over-fetching.
'
domain: cybersecurity
subdomain: api-security
tags: [api-security, owasp, data-exposure, rest-security, pii-leakage]
tags:
- api-security
- owasp
- data-exposure
- rest-security
- pii-leakage
version: 1.0.0
author: mahipal
license: Apache-2.0
nist_csf:
- PR.PS-01
- ID.RA-01
- PR.DS-10
- DE.CM-01
---
# Exploiting Excessive Data Exposure in API