mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-19 22:19:39 +03:00
feat: add NIST CSF 2.0 nist_csf field to all 754 cybersecurity skills
Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions) based on subdomain and content analysis. Restores 11 skills corrupted during prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields. All 754 skills now carry structured mappings for all 5 security frameworks: - MITRE ATT&CK (in tags) - MITRE ATLAS v5.5 (atlas_techniques) - MITRE D3FEND v1.3 (d3fend_techniques) - NIST AI RMF 1.0 (nist_ai_rmf) - NIST CSF 2.0 (nist_csf)
This commit is contained in:
@@ -1,18 +1,28 @@
|
||||
---
|
||||
name: testing-for-xss-vulnerabilities
|
||||
description: >
|
||||
Tests web applications for Cross-Site Scripting (XSS) vulnerabilities by injecting JavaScript
|
||||
payloads into reflected, stored, and DOM-based contexts to demonstrate client-side code
|
||||
execution, session hijacking, and user impersonation. The tester identifies all injection
|
||||
points and output contexts, crafts context-appropriate payloads, and bypasses sanitization
|
||||
and CSP protections. Activates for requests involving XSS testing, cross-site scripting
|
||||
assessment, client-side injection testing, or JavaScript injection vulnerability testing.
|
||||
description: 'Tests web applications for Cross-Site Scripting (XSS) vulnerabilities by injecting JavaScript payloads into
|
||||
reflected, stored, and DOM-based contexts to demonstrate client-side code execution, session hijacking, and user impersonation.
|
||||
The tester identifies all injection points and output contexts, crafts context-appropriate payloads, and bypasses sanitization
|
||||
and CSP protections. Activates for requests involving XSS testing, cross-site scripting assessment, client-side injection
|
||||
testing, or JavaScript injection vulnerability testing.
|
||||
|
||||
'
|
||||
domain: cybersecurity
|
||||
subdomain: penetration-testing
|
||||
tags: [XSS, cross-site-scripting, client-side-security, OWASP-A03, JavaScript-injection]
|
||||
tags:
|
||||
- XSS
|
||||
- cross-site-scripting
|
||||
- client-side-security
|
||||
- OWASP-A03
|
||||
- JavaScript-injection
|
||||
version: 1.0.0
|
||||
author: mahipal
|
||||
license: Apache-2.0
|
||||
nist_csf:
|
||||
- ID.RA-01
|
||||
- ID.RA-06
|
||||
- GV.OV-02
|
||||
- DE.AE-07
|
||||
---
|
||||
# Testing for XSS Vulnerabilities
|
||||
|
||||
|
||||
Reference in New Issue
Block a user