feat: add NIST CSF 2.0 nist_csf field to all 754 cybersecurity skills

Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions)
based on subdomain and content analysis. Restores 11 skills corrupted during
prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields.

All 754 skills now carry structured mappings for all 5 security frameworks:
- MITRE ATT&CK (in tags)
- MITRE ATLAS v5.5 (atlas_techniques)
- MITRE D3FEND v1.3 (d3fend_techniques)
- NIST AI RMF 1.0 (nist_ai_rmf)
- NIST CSF 2.0 (nist_csf)
mukul975
2026-04-06 11:17:31 +02:00
parent e8105a2f4d
commit efca3ec611
754 changed files with 12847 additions and 2832 deletions
@@ -1,19 +1,30 @@
---
name: testing-api-for-broken-object-level-authorization
description: >
Tests REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR) vulnerabilities
where an authenticated user can access or modify resources belonging to other users by
manipulating object identifiers in API requests. The tester intercepts API calls, identifies
object ID parameters (numeric IDs, UUIDs, slugs), and systematically replaces them with IDs
belonging to other users to determine if the server enforces per-object authorization. This
is OWASP API Security Top 10 2023 risk API1. Activates for requests involving BOLA testing,
IDOR in APIs, object-level authorization testing, or API access control bypass.
description: 'Tests REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR) vulnerabilities where an authenticated
user can access or modify resources belonging to other users by manipulating object identifiers in API requests. The tester
intercepts API calls, identifies object ID parameters (numeric IDs, UUIDs, slugs), and systematically replaces them with
IDs belonging to other users to determine if the server enforces per-object authorization. This is OWASP API Security Top
10 2023 risk API1. Activates for requests involving BOLA testing, IDOR in APIs, object-level authorization testing, or API
access control bypass.
'
domain: cybersecurity
subdomain: api-security
tags: [api-security, owasp, bola, idor, authorization, rest-security]
tags:
- api-security
- owasp
- bola
- idor
- authorization
- rest-security
version: 1.0.0
author: mahipal
license: Apache-2.0
nist_csf:
- PR.PS-01
- ID.RA-01
- PR.DS-10
- DE.CM-01
---
# Testing API for Broken Object Level Authorization
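Review bot: The new nist_csf list at the end of the frontmatter (PR.PS-01, ID.RA-01, PR.DS-10, DE.CM-01) contains no access-control subcategory, although the description is entirely about per-object authorization. PR.AA-05 (access permissions and authorizations are defined, enforced and reviewed) is the natural fit, while PR.PS-01 (configuration management) and DE.CM-01 (network monitoring) read like subdomain-level defaults rather than mappings derived from this skill. Consider adding PR.AA-05 and dropping the entries that do not follow from the description. Two further points on the same hunk. First, the description is rewritten from a folded `>` scalar into a single-quoted scalar and tags from a flow list into a block list; this is serializer churn unrelated to adding the field and is better split into its own commit so the 754-file diff shows only the mapping change. Second, the resulting frontmatter has no atlas_techniques, d3fend_techniques or nist_ai_rmf keys and no ATT&CK technique IDs in tags, which does not match the commit message's statement that every skill now carries all five mappings.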