feat: add NIST CSF 2.0 nist_csf field to all 754 cybersecurity skills

Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions)
based on subdomain and content analysis. Restores 11 skills corrupted during
prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields.

All 754 skills now carry structured mappings for all 5 security frameworks:
- MITRE ATT&CK (in tags)
- MITRE ATLAS v5.5 (atlas_techniques)
- MITRE D3FEND v1.3 (d3fend_techniques)
- NIST AI RMF 1.0 (nist_ai_rmf)
- NIST CSF 2.0 (nist_csf)
This commit is contained in:
mukul975
2026-04-06 11:17:40 +02:00
parent e8105a2f4d
commit efca3ec611
754 changed files with 12847 additions and 2832 deletions
@@ -1,18 +1,28 @@
---
name: testing-for-xss-vulnerabilities
description: >
Tests web applications for Cross-Site Scripting (XSS) vulnerabilities by injecting JavaScript
payloads into reflected, stored, and DOM-based contexts to demonstrate client-side code
execution, session hijacking, and user impersonation. The tester identifies all injection
points and output contexts, crafts context-appropriate payloads, and bypasses sanitization
and CSP protections. Activates for requests involving XSS testing, cross-site scripting
assessment, client-side injection testing, or JavaScript injection vulnerability testing.
description: 'Tests web applications for Cross-Site Scripting (XSS) vulnerabilities by injecting JavaScript payloads into
reflected, stored, and DOM-based contexts to demonstrate client-side code execution, session hijacking, and user impersonation.
The tester identifies all injection points and output contexts, crafts context-appropriate payloads, and bypasses sanitization
and CSP protections. Activates for requests involving XSS testing, cross-site scripting assessment, client-side injection
testing, or JavaScript injection vulnerability testing.
'
domain: cybersecurity
subdomain: penetration-testing
tags: [XSS, cross-site-scripting, client-side-security, OWASP-A03, JavaScript-injection]
tags:
- XSS
- cross-site-scripting
- client-side-security
- OWASP-A03
- JavaScript-injection
version: 1.0.0
author: mahipal
license: Apache-2.0
nist_csf:
- ID.RA-01
- ID.RA-06
- GV.OV-02
- DE.AE-07
---
# Testing for XSS Vulnerabilities