Application Vulnerability - OWASP Top 10 Category

Chetan21 · ‎04-07-2022

We have a requirement to correlate identified vulnerability with the OWASP Top category. For e.g. While manually creating vulnerability ( pen test) when a specific CWE is selected, if the selected CWE is mapped to one of OWASP Top 10 then the OWASP category should be available.

Currently when the CWE are ingested via "CWE Comprehensive 2000" Integration its position in OWASP Top 10 is available however we also need the OWASP category

Appreciate your thoughts or pointers based on your experience

Chris McDevitt · ‎04-08-2022

Here is what I would do:

1. Create a new table to Store the OWASP data (probably overkill, but makes it future proof)

2. Create a new field on the CWE table that references your new OWASP table

3. Build Excel sheets, One to populate your new table and one to populate the new field on the CWE table

4. Build Transform maps and load the data.

5. Use a UI Policy check and see if 'OWASP TOP 10 Position' is not empty, then display the new field