ZAP alert categorization in owasp top 10 vulnerabilities


Ricardo Estalder

Aug 24, 2021, 6:33:26 PM
to OWASP ZAP Developer Group

Hello All

Could someone suggest how to determine, from ZAP report alerts, which alert falls under which OWASP Top 10 vulnerability? For example, I had seen one example ZAP report where the Reference column had an OWASP Top 10 URL as a value.

There are following columns in my ZAP report:

  • Title
  • Description
  • URL
  • Instances
  • Solution
  • Reference
  • CWE ID
  • WASC ID
  • Source ID

Although it is obvious that we need to go through each alert in detail and logically map it to the OWASP Top 10, I was wondering if any alert attribute can help to figure it out.

psiinon

Aug 25, 2021, 3:27:42 AM
to OWASP ZAP Developer Group
I'm afraid I think it's a manual process, although the CWE and WASC IDs may help, where they are present.
I recently asked for help doing this mapping on this forum: https://groups.google.com/g/zaproxy-develop/c/fC-M9qGkoIs/m/0FtjlVTfAgAJ
No takers so far...

Cheers,

Simon
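
The approach Simon describes (use the CWE ID where present, fall back to a manual pass) can be partly automated. The script below is an added example, not code from the thread or from ZAP: it reads a ZAP "traditional JSON" report (the site -> alerts -> cweid / reference layout; that layout is an assumption of this example), maps each alert's CWE to OWASP Top 10 2021 categories, falls back to an OWASP Top 10 URL in the Reference field when no CWE is set, and flags everything that maps to zero or more than one category for manual review. The CWE table is a deliberately partial transcription of the per-category CWE lists on owasp.org/Top10 and must be checked against the official lists before use; the sample report is constructed, not a real scan.

```python
"""Map ZAP alerts to OWASP Top 10 2021 categories by CWE ID, with a fallback on
the Reference field, and flag the rest for manual review. Added example; not
part of the thread or of ZAP. Assumes the "traditional JSON" report layout."""
import json
import re

# Abbreviated CWE -> OWASP Top 10 2021 mapping, transcribed from the per-category
# CWE lists on https://owasp.org/Top10/. Deliberately partial: a CWE missing
# here means "manual review", not "not in the Top 10". Verify before relying
# on it. OWASP lists some CWEs under more than one category (e.g. CWE-311/312
# under A02 and A04, CWE-259 under A02 and A07), which is why a single alert can
# yield several candidates.
OWASP_2021 = {
    "A01:2021": ("Broken Access Control", {22, 200, 284, 285, 352, 601, 639, 862, 863}),
    "A02:2021": ("Cryptographic Failures", {259, 261, 310, 311, 312, 319, 326, 327, 328, 330, 338}),
    "A03:2021": ("Injection", {20, 74, 77, 78, 79, 89, 90, 91, 94, 116, 564, 917}),
    "A04:2021": ("Insecure Design", {209, 311, 312, 434, 1021}),
    "A05:2021": ("Security Misconfiguration", {16, 611, 614, 1004}),
    "A06:2021": ("Vulnerable and Outdated Components", {1104}),
    "A07:2021": ("Identification and Authentication Failures", {255, 259, 287, 306, 307, 384, 521, 613, 798}),
    "A08:2021": ("Software and Data Integrity Failures", {345, 494, 502, 829}),
    "A09:2021": ("Security Logging and Monitoring Failures", {117, 532, 778}),
    "A10:2021": ("Server-Side Request Forgery", {918}),
}

# Reverse index: CWE number -> list of category ids (A01 .. A10 order).
CWE_TO_CATEGORIES = {}
for cat_id, (_, cwes) in OWASP_2021.items():
    for cwe in cwes:
        CWE_TO_CATEGORIES.setdefault(cwe, []).append(cat_id)

# Fallback: an OWASP Top 10 2021 URL in the Reference field, such as
# https://owasp.org/Top10/A03_2021-Injection/
TOP10_URL = re.compile(r"owasp\.org/Top10/(A\d{2})_2021")


def parse_cwe(value):
    """ZAP writes cweid as a string; "-1", "0" or a missing value means no CWE."""
    try:
        cwe = int(value)
    except (TypeError, ValueError):
        return None
    return cwe if cwe > 0 else None


def classify_alert(alert):
    """Candidate Top 10 categories for one alert, plus whether a human still has
    to look at it (no mapping at all, or more than one candidate)."""
    cwe = parse_cwe(alert.get("cweid"))
    categories = sorted(CWE_TO_CATEGORIES.get(cwe, []))
    basis = "cwe" if categories else "none"
    if not categories:
        hits = TOP10_URL.findall(alert.get("reference", "") or "")
        categories = sorted({f"{a}:2021" for a in hits})
        basis = "reference" if categories else "none"
    return {
        "alert": alert.get("name") or alert.get("alert"),
        "cweid": cwe,
        "categories": categories,
        "basis": basis,
        "needs_review": len(categories) != 1,
    }


def categorize_report(report):
    """Classify every alert of every site in a parsed traditional-JSON report."""
    results = []
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            row = classify_alert(alert)
            row["site"] = site.get("@name")
            results.append(row)
    return results


# Constructed sample in the traditional-JSON layout; names, CWEs and references
# are illustrative and not copied from a real ZAP scan.
SAMPLE_REPORT = json.loads("""
{"@version": "2.10.0", "site": [{"@name": "https://app.example.test", "alerts": [
  {"alert": "Reflected XSS (constructed)", "name": "Reflected XSS (constructed)",
   "riskcode": "3", "cweid": "79", "wascid": "8",
   "reference": "https://owasp.org/www-community/attacks/xss/"},
  {"alert": "Cleartext Storage (constructed)", "name": "Cleartext Storage (constructed)",
   "riskcode": "2", "cweid": "312", "wascid": "13", "reference": ""},
  {"alert": "Script Finding (constructed)", "name": "Script Finding (constructed)",
   "riskcode": "1", "cweid": "-1", "wascid": "-1",
   "reference": "https://owasp.org/Top10/A05_2021-Security_Misconfiguration/"},
  {"alert": "Unmapped Finding (constructed)", "name": "Unmapped Finding (constructed)",
   "riskcode": "0", "cweid": "-1", "wascid": "-1", "reference": ""}
]}]}
""")

if __name__ == "__main__":
    for row in categorize_report(SAMPLE_REPORT):
        flag = "REVIEW" if row["needs_review"] else "ok"
        names = [f"{c} {OWASP_2021[c][0]}" for c in row["categories"]] or ["no mapping"]
        print(f"[{flag:6}] {row['alert']}: CWE={row['cweid']} -> {names} ({row['basis']})")
```

To run it on a real scan, replace SAMPLE_REPORT with `json.load(open("report.json"))` after exporting the traditional JSON report from ZAP. The "REVIEW" rows are the ones the manual process still has to cover: alerts with no CWE and no Top 10 reference, and alerts whose CWE appears under two categories, where only the context of the finding decides.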

kingthorin+owaspzap

Aug 25, 2021, 7:40:11 AM
to OWASP ZAP Developer Group
This guide doc might be of interest, related to this topic: