Application Vulnerability - OWASP Top 10 Category

Chetan21
Tera Contributor

We have a requirement to correlate an identified vulnerability with the OWASP Top 10 category. E.g., while manually creating a vulnerability (pen test), when a specific CWE is selected, if the selected CWE is mapped to one of the OWASP Top 10, then the OWASP category should be available.

Currently, when the CWEs are ingested via the "CWE Comprehensive 2000" integration, their position in the OWASP Top 10 is available; however, we also need the OWASP category.

Appreciate your thoughts or pointers based on your experience.

 

 


Chris McDevitt
ServiceNow Employee

Here is what I would do:

1. Create a new table to store the OWASP data (probably overkill, but makes it future-proof)

2. Create a new field on the CWE table that references your new OWASP table

3. Build Excel sheets: one to populate your new table and one to populate the new field on the CWE table

4. Build Transform maps and load the data.

5. Use a UI Policy check and see if 'OWASP TOP 10 Position' is not empty, then display the new field
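
Steps 3 and 4 of the reply above depend on two import sheets that agree on the category key. The following is an added example (not part of the original thread and not ServiceNow's own code) that generates both sheets as CSV text from a single mapping and rejects a CWE assigned to two categories, since a reference field holds one value. The column names, the `CWE-<n>` key format and the mapping subset are assumptions for illustration.

```javascript
// Added example; sheet column names are hypothetical, not ServiceNow's schema.
// Constructed sample: a small subset of the OWASP Top 10 2021 CWE mapping.
const OWASP_2021 = [
  { code: "A01:2021", name: "Broken Access Control", cwes: [22, 284, 285, 352] },
  { code: "A02:2021", name: "Cryptographic Failures", cwes: [259, 327, 331] },
  { code: "A03:2021", name: "Injection", cwes: [79, 89] },
  { code: "A10:2021", name: "Server-Side Request Forgery (SSRF)", cwes: [918] },
];

// Quote a CSV field when it contains a comma, quote or line break.
function csvField(value) {
  const s = String(value);
  return /[",\r\n]/.test(s) ? '"' + s.replace(/"/g, '""') + '"' : s;
}

function toCsv(header, rows) {
  return [header, ...rows].map((r) => r.map(csvField).join(",")).join("\n") + "\n";
}

// Accepts 79, "79" or "cwe-79" and returns "CWE-79"; throws on anything else.
function normalizeCwe(id) {
  const m = /^(?:CWE-)?(\d+)$/i.exec(String(id).trim());
  if (!m) throw new Error("Not a CWE id: " + id);
  return "CWE-" + Number(m[1]);
}

// Sheet 1 populates the OWASP table; sheet 2 sets the reference field on CWE rows.
function buildSheets(categories) {
  const owner = new Map(); // CWE id -> category code
  for (const cat of categories) {
    for (const raw of cat.cwes) {
      const cwe = normalizeCwe(raw);
      // A reference field holds one value, so a CWE may belong to one category only.
      if (owner.has(cwe) && owner.get(cwe) !== cat.code) {
        throw new Error(cwe + " is mapped to " + owner.get(cwe) + " and " + cat.code);
      }
      owner.set(cwe, cat.code);
    }
  }
  const categorySheet = toCsv(["u_code", "u_name"], categories.map((c) => [c.code, c.name]));
  const cweSheet = toCsv(["cwe_id", "u_owasp_category"], [...owner.entries()]);
  return { categorySheet, cweSheet, owner };
}

// Spot check for the loaded data: category code, or null when the CWE is unmapped.
function categoryForCwe(id, categories = OWASP_2021) {
  return buildSheets(categories).owner.get(normalizeCwe(id)) || null;
}
```

A CWE that returns `null` here is one the UI Policy in step 5 would leave without a category to display.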