Application Vulnerability - OWASP Top 10 Category
‎04-07-2022 03:43 PM
We have a requirement to correlate an identified vulnerability with the OWASP Top 10 category. For example, while manually creating a vulnerability (pen test), when a specific CWE is selected and the selected CWE is mapped to one of the OWASP Top 10, the OWASP category should be available.
Currently, when the CWEs are ingested via the "CWE Comprehensive 2000" integration, their position in the OWASP Top 10 is available; however, we also need the OWASP category.
Appreciate your thoughts or pointers based on your experience.
Labels: Vulnerability Response

‎04-08-2022 03:01 AM
Here is what I would do:
1. Create a new table to store the OWASP data (probably overkill, but makes it future-proof)
2. Create a new field on the CWE table that references your new OWASP table
3. Build Excel sheets, one to populate your new table and one to populate the new field on the CWE table
4. Build transform maps and load the data.
5. Use a UI Policy check and see if 'OWASP TOP 10 Position' is not empty, then display the new field
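
The sheet-building part of the steps above, as an added example that is not part of the original reply and not ServiceNow code: plain JavaScript that produces the two import sheets as CSV text. The column names (`u_code`, `u_name`, `cwe_id`, `u_owasp_category`) are hypothetical, and the mapping is a short sample that assumes the 2021 edition of the OWASP Top 10, which the thread does not specify.

```javascript
// Sample CWE -> OWASP Top 10 mapping (2021 edition assumed); extend before loading.
const OWASP_CATEGORIES = {
  "A01:2021": "Broken Access Control",
  "A02:2021": "Cryptographic Failures",
  "A03:2021": "Injection",
  "A07:2021": "Identification and Authentication Failures",
  "A10:2021": "Server-Side Request Forgery (SSRF)",
};
const CWE_TO_OWASP = {
  22: "A01:2021", 352: "A01:2021", 327: "A02:2021",
  79: "A03:2021", 89: "A03:2021", 287: "A07:2021", 918: "A10:2021",
};

// Accept "CWE-79", "cwe 79", "79" or 79; return the numeric id, or null if unparseable.
function normalizeCwe(value) {
  const m = /^\s*(?:CWE[-\s_]?)?(\d+)\s*$/i.exec(String(value));
  return m ? Number(m[1]) : null;
}

// Quote a cell only when it contains a comma, quote or newline.
function csvCell(v) {
  const s = String(v);
  return /[",\n]/.test(s) ? '"' + s.replace(/"/g, '""') + '"' : s;
}
const toCsv = (rows) => rows.map((r) => r.map(csvCell).join(",")).join("\n");

// Sheet 1: one row per OWASP category, to populate the new OWASP table.
function buildCategorySheet() {
  const header = ["u_code", "u_name"]; // hypothetical column names
  return toCsv([header, ...Object.entries(OWASP_CATEGORIES)]);
}

// Sheet 2: one row per CWE that maps to a category, to populate the reference field.
// CWEs with no mapping are reported separately instead of being written with a blank.
function buildCweSheet(cweIds) {
  const rows = [["cwe_id", "u_owasp_category"]]; // hypothetical column names
  const unmapped = [];
  const seen = new Set();
  for (const raw of cweIds) {
    const id = normalizeCwe(raw);
    if (id === null || seen.has(id)) continue; // skip junk and duplicates
    seen.add(id);
    const code = CWE_TO_OWASP[id];
    if (code && OWASP_CATEGORIES[code]) rows.push([`CWE-${id}`, code]);
    else unmapped.push(`CWE-${id}`);
  }
  return { csv: toCsv(rows), unmapped };
}
```

The `unmapped` list is worth reviewing before the load: a CWE that lands there either has no OWASP Top 10 category or is missing from the mapping data.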