feat: add NIST CSF 2.0 nist_csf field to all 754 cybersecurity skills

Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions)
based on subdomain and content analysis. Restores 11 skills corrupted during
prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields.

All 754 skills now carry structured mappings for all 5 security frameworks:
- MITRE ATT&CK (in tags)
- MITRE ATLAS v5.5 (atlas_techniques)
- MITRE D3FEND v1.3 (d3fend_techniques)
- NIST AI RMF 1.0 (nist_ai_rmf)
- NIST CSF 2.0 (nist_csf)
mukul975
2026-04-06 11:17:31 +02:00
parent e8105a2f4d
commit efca3ec611
754 changed files with 12847 additions and 2832 deletions
+20 -9
@@ -1,19 +1,30 @@
---
name: testing-websocket-api-security
description: >
Tests WebSocket API implementations for security vulnerabilities including missing
authentication on WebSocket upgrade, Cross-Site WebSocket Hijacking (CSWSH), injection
attacks through WebSocket messages, insufficient input validation, denial-of-service via
message flooding, and information leakage through WebSocket frames. The tester intercepts
WebSocket handshakes and messages using Burp Suite, crafts malicious payloads, and tests
for authorization bypass on WebSocket channels. Activates for requests involving WebSocket
security testing, WS penetration testing, CSWSH attack, or real-time API security assessment.
description: 'Tests WebSocket API implementations for security vulnerabilities including missing authentication on WebSocket
upgrade, Cross-Site WebSocket Hijacking (CSWSH), injection attacks through WebSocket messages, insufficient input validation,
denial-of-service via message flooding, and information leakage through WebSocket frames. The tester intercepts WebSocket
handshakes and messages using Burp Suite, crafts malicious payloads, and tests for authorization bypass on WebSocket channels.
Activates for requests involving WebSocket security testing, WS penetration testing, CSWSH attack, or real-time API security
assessment.
'
domain: cybersecurity
subdomain: api-security
tags: [api-security, websocket, cswsh, real-time, injection, authentication]
tags:
- api-security
- websocket
- cswsh
- real-time
- injection
- authentication
version: 1.0.0
author: mahipal
license: Apache-2.0
nist_csf:
- PR.PS-01
- ID.RA-01
- PR.DS-10
- DE.CM-01
---
# Testing WebSocket API Security
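Review bot: the new nist_csf list for this skill includes PR.DS-10, which in CSF 2.0 covers protection of data-in-use, while the description is entirely about WebSocket handshakes, messages and frames, i.e. data in transit; PR.DS-02 looks like the closer subcategory, so please confirm whether this ID came from the subdomain-level mapping rather than from the skill's content. Separately, the frontmatter changes here go beyond the stated purpose of adding nist_csf: description is rewritten from a folded `>` scalar to a single-quoted multi-line scalar, and tags is converted from the inline list to a block sequence. That looks like a YAML round-trip side effect, and repeated across 754 files it buries the actual mapping additions. Consider emitting only the new nist_csf key, or moving the reformatting into its own commit, and check that the parsed description value (including its trailing whitespace or newline) is identical before and after, since the closing quote now sits on its own line.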