mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-11 21:54:56 +03:00
mukul975
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
61 lines
2.0 KiB
Markdown
61 lines
2.0 KiB
Markdown
# API Reference: Testing for Broken Access Control
|
|
|
|
## requests Library
|
|
|
|
### Authentication Patterns
|
|
```python
|
|
# Bearer token authentication
|
|
headers = {"Authorization": "Bearer <token>", "Content-Type": "application/json"}
|
|
|
|
# Cookie-based authentication
|
|
cookies = {"session": "session_value"}
|
|
|
|
# Multiple methods
|
|
resp = requests.request("DELETE", url, headers=headers)
|
|
```
|
|
|
|
## Test Categories
|
|
|
|
### Vertical Privilege Escalation
|
|
Test admin endpoints with regular user credentials:
|
|
```python
|
|
for endpoint in admin_endpoints:
|
|
resp = requests.get(url, headers=user_headers)
|
|
# 200 = VULNERABLE, 403 = properly restricted
|
|
```
|
|
|
|
### Horizontal Privilege Escalation (IDOR)
|
|
Access other users' resources:
|
|
```python
|
|
# Replace {id} with other user's ID
|
|
resp = requests.get(f"/api/users/{other_id}/profile", headers=user_headers)
|
|
```
|
|
|
|
### HTTP Method Override
|
|
```python
|
|
override_headers = ["X-HTTP-Method-Override", "X-Method-Override", "X-HTTP-Method"]
|
|
```
|
|
|
|
### Mass Assignment Fields
|
|
| Field | Description |
|
|
|-------|-------------|
|
|
| `role` | User role (admin, user) |
|
|
| `is_admin` | Boolean admin flag |
|
|
| `permissions` | Permission array |
|
|
| `access_level` | Numeric access level |
|
|
| `user_type` | User type classification |
|
|
|
|
## Response Status Interpretation
|
|
| Status | Meaning |
|
|
|--------|---------|
|
|
| 200/201 | Access granted (potential vulnerability if unexpected) |
|
|
| 401 | Not authenticated |
|
|
| 403 | Authenticated but not authorized (correct behavior) |
|
|
| 404 | Resource not found (may hide from unauthorized users) |
|
|
| 405 | Method not allowed |
|
|
|
|
## OWASP References
|
|
- A01:2021 Broken Access Control: https://owasp.org/Top10/A01_2021-Broken_Access_Control/
|
|
- WSTG Access Control: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/
|
|
- IDOR Testing: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References
|