feat: add NIST CSF 2.0 nist_csf field to all 754 cybersecurity skills

Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions)
based on subdomain and content analysis. Restores 11 skills corrupted during
prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields.

All 754 skills now carry structured mappings for all 5 security frameworks:
- MITRE ATT&CK (in tags)
- MITRE ATLAS v5.5 (atlas_techniques)
- MITRE D3FEND v1.3 (d3fend_techniques)
- NIST AI RMF 1.0 (nist_ai_rmf)
- NIST CSF 2.0 (nist_csf)
mukul975
2026-04-06 11:17:31 +02:00
parent e8105a2f4d
commit efca3ec611
754 changed files with 12847 additions and 2832 deletions
@@ -1,19 +1,29 @@
---
name: testing-api-authentication-weaknesses
description: >
Tests API authentication mechanisms for weaknesses including broken token validation,
missing authentication on endpoints, weak password policies, credential stuffing
susceptibility, token leakage in URLs or logs, and session management flaws. The tester
evaluates JWT implementation, API key handling, OAuth flows, and session token entropy
to identify authentication bypasses. Maps to OWASP API2:2023 Broken Authentication.
Activates for requests involving API authentication testing, token validation assessment,
credential security testing, or API auth bypass.
description: 'Tests API authentication mechanisms for weaknesses including broken token validation, missing authentication
on endpoints, weak password policies, credential stuffing susceptibility, token leakage in URLs or logs, and session management
flaws. The tester evaluates JWT implementation, API key handling, OAuth flows, and session token entropy to identify authentication
bypasses. Maps to OWASP API2:2023 Broken Authentication. Activates for requests involving API authentication testing, token
validation assessment, credential security testing, or API auth bypass.
'
domain: cybersecurity
subdomain: api-security
tags: [api-security, owasp, authentication, jwt, session-management, credential-security]
tags:
- api-security
- owasp
- authentication
- jwt
- session-management
- credential-security
version: 1.0.0
author: mahipal
license: Apache-2.0
nist_csf:
- PR.PS-01
- ID.RA-01
- PR.DS-10
- DE.CM-01
---
# Testing API Authentication Weaknesses
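Review bot: the new `nist_csf` list at the end of the front matter has no PR.AA entry, although the skill's description is entirely about authentication (token validation, JWT, OAuth flows, session management). The four IDs chosen are PR.PS-01 (configuration management), ID.RA-01 (vulnerability identification), PR.DS-10 (data in use) and DE.CM-01 (network monitoring). ID.RA-01 fits a testing skill, but the other three are a loose match. PR.AA-03 (users, services, and hardware are authenticated) looks like the subcategory a reader would search for. Since the mapping was derived from subdomain and content analysis across 754 files, a spot check of the `api-security` subdomain would show whether this is a one-off or a pattern. Two further points on the same hunk. First, the rewrite of `description` from a folded `>` scalar to a single-quoted scalar, and of `tags` from flow to block style, is unrelated to adding a field and makes the actual change hard to find. It would be easier to review if the serializer kept the original styles or the reformat went in its own commit, with a check that the parsed `description` value is unchanged. Second, the commit message says every skill now carries `atlas_techniques`, `d3fend_techniques` and `nist_ai_rmf`, but only `nist_csf` appears in this file's front matter, and none of the tags is an ATT&CK technique ID. Either the message or this file needs correcting.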