explainx.ainewsletter3.4k
tag

authorization

6 indexed skills · max 10 per page

skills (6)

testing-api-for-broken-object-level-authorization

mukul975/Anthropic-Cybersecurity-Skills · testing-api-for-broken-object-level-authorization

0

Tests REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR) vulnerabilities where an authenticated user can access or modify resources belonging to other users by manipulating object identifiers in API requests. The tester intercepts API calls, identifies object ID parameters (numeric IDs, UUIDs, slugs), and systematically replaces them with IDs belonging to other users to determine if the server enforces per-object authorization. This is OWASP API Security Top 10 2023 risk API1. Activates for requests involving BOLA testing, IDOR in APIs, object-level authorization testing, or API access control bypass.

exploiting-oauth-misconfiguration

mukul975/Anthropic-Cybersecurity-Skills · exploiting-oauth-misconfiguration

0

Identifying and exploiting OAuth 2.0 and OpenID Connect misconfigurations including redirect URI manipulation, token leakage, and authorization code theft during security assessments.

configuring-oauth2-authorization-flow

mukul975/Anthropic-Cybersecurity-Skills · configuring-oauth2-authorization-flow

0

Configure secure OAuth 2.0 authorization flows including Authorization Code with PKCE, Client Credentials, and Device Authorization Grant. This skill covers flow selection, PKCE implementation, token

exploiting-broken-function-level-authorization

mukul975/Anthropic-Cybersecurity-Skills · exploiting-broken-function-level-authorization

0

Tests APIs for Broken Function Level Authorization (BFLA) vulnerabilities where regular users can invoke administrative functions or access privileged API endpoints by directly calling them. The tester identifies admin and privileged endpoints, then attempts to access them with regular user credentials by manipulating HTTP methods, URL paths, and request parameters. Maps to OWASP API5:2023 Broken Function Level Authorization. Activates for requests involving BFLA testing, admin endpoint bypass, function-level access control testing, or API privilege escalation.

testing-for-broken-access-control

mukul975/Anthropic-Cybersecurity-Skills · testing-for-broken-access-control

0

Systematically testing web applications for broken access control vulnerabilities including privilege escalation, missing function-level checks, and insecure direct object references.

unit-test-security-authorization

giuseppe-trisciuoglio/developer-kit · Testing

0

Unit testing patterns for Spring Security authorization annotations and role-based access control. \n \n Covers @PreAuthorize , @Secured , and @RolesAllowed method-level security with @WithMockUser test fixtures \n Includes role-based access control (RBAC), expression-based authorization, and custom PermissionEvaluator testing \n Provides MockMvc patterns for testing secured REST endpoints and parameterized role testing strategies \n Demonstrates both allow and deny scenarios, owner-based access