mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-11 21:54:56 +03:00
mukul975
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
1.5 KiB
1.5 KiB
API Reference: Implementing API Security Testing with 42Crunch
42Crunch API Security Audit
# Upload OpenAPI spec for audit
curl -X POST https://platform.42crunch.com/api/v2/apis \
-H "X-API-KEY: $CRUNCH_KEY" \
-F "specfile=@openapi.yaml"
# Get audit report
curl https://platform.42crunch.com/api/v2/apis/{api_id}/assessmentreport \
-H "X-API-KEY: $CRUNCH_KEY"
OWASP API Security Top 10 (2023)
| ID | Risk | Audit Check |
|---|---|---|
| API1 | Broken Object Level Auth | BOLA path patterns |
| API2 | Broken Authentication | Security schemes |
| API3 | Broken Object Property Auth | Mass assignment |
| API4 | Unrestricted Resource Consumption | Rate limits |
| API5 | Broken Function Level Auth | Admin endpoints |
| API8 | Security Misconfiguration | HTTP, CORS, headers |
Security Score Deductions
| Issue | Deduction | Severity |
|---|---|---|
| No security schemes | -30 | CRITICAL |
| Security disabled on endpoint | -25 | CRITICAL |
| No global security | -20 | HIGH |
| HTTP server URL | -15 | HIGH |
| No input schema | -15 | HIGH |
| Mass assignment risk | -10 | MEDIUM |
| Unbounded string param | -5 | MEDIUM |
CI/CD Integration (GitHub Actions)
- uses: 42Crunch/api-security-audit-action@v3
with:
api-token: ${{ secrets.CRUNCH_TOKEN }}
min-score: 70
References
- 42Crunch Platform: https://42crunch.com/
- OWASP API Top 10: https://owasp.org/API-Security/
- 42Crunch GitHub Action: https://github.com/42Crunch/api-security-audit-action