mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-19 22:19:39 +03:00
feat: add NIST CSF 2.0 nist_csf field to all 754 cybersecurity skills
Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions) based on subdomain and content analysis. Restores 11 skills corrupted during prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields. All 754 skills now carry structured mappings for all 5 security frameworks: - MITRE ATT&CK (in tags) - MITRE ATLAS v5.5 (atlas_techniques) - MITRE D3FEND v1.3 (d3fend_techniques) - NIST AI RMF 1.0 (nist_ai_rmf) - NIST CSF 2.0 (nist_csf)
This commit is contained in:
@@ -1,19 +1,28 @@
|
||||
---
|
||||
name: performing-graphql-introspection-attack
|
||||
description: >
|
||||
Performs GraphQL introspection attacks to extract the full API schema including types, queries,
|
||||
mutations, subscriptions, and field definitions from GraphQL endpoints. The tester uses
|
||||
introspection queries to map the attack surface, identifies sensitive fields and mutations,
|
||||
tests for query depth and complexity limits, and exploits GraphQL-specific vulnerabilities
|
||||
including batching attacks, alias-based brute force, and nested query DoS. Activates for
|
||||
requests involving GraphQL security testing, introspection attack, GraphQL enumeration, or
|
||||
GraphQL API penetration testing.
|
||||
description: 'Performs GraphQL introspection attacks to extract the full API schema including types, queries, mutations, subscriptions,
|
||||
and field definitions from GraphQL endpoints. The tester uses introspection queries to map the attack surface, identifies
|
||||
sensitive fields and mutations, tests for query depth and complexity limits, and exploits GraphQL-specific vulnerabilities
|
||||
including batching attacks, alias-based brute force, and nested query DoS. Activates for requests involving GraphQL security
|
||||
testing, introspection attack, GraphQL enumeration, or GraphQL API penetration testing.
|
||||
|
||||
'
|
||||
domain: cybersecurity
|
||||
subdomain: api-security
|
||||
tags: [api-security, graphql, introspection, schema-extraction, query-abuse]
|
||||
tags:
|
||||
- api-security
|
||||
- graphql
|
||||
- introspection
|
||||
- schema-extraction
|
||||
- query-abuse
|
||||
version: 1.0.0
|
||||
author: mahipal
|
||||
license: Apache-2.0
|
||||
nist_csf:
|
||||
- PR.PS-01
|
||||
- ID.RA-01
|
||||
- PR.DS-10
|
||||
- DE.CM-01
|
||||
---
|
||||
# Performing GraphQL Introspection Attack
|
||||
|
||||
|
||||
Reference in New Issue
Block a user