Mapping issues to OWASP Top 10

75 views

Skip to first unread message

psiinon

unread,

Aug 12, 2021, 3:22:09 AM8/12/21

to zaprox...@googlegroups.com, OWASP ZAP Developer Group

We've had quite a few requests to include the OWASP Top Ten Id with issues as we do with CWE Ids and WASC Ids.

I believe a contributor is working on the code changed but actually mapping all of our existing alerts will be a non trivial process.

We'll need to include the year as well so I was thiking we'd display something like: "OWASP 2017 A1" etc. So any one issue could potentially map to multiple OWASP IDs across multiple years :/

Would anyone like to help us map the current ZAP issues?

If so then please let me know...

Many thanks,

Simon
--

OWASP ZAP Project leader

kingthorin+owaspzap

unread,

Aug 12, 2021, 9:28:55 AM8/12/21

to OWASP ZAP User Group

Why don't we get the Top10 to establish a reference/identifier standard?

Ex:

https://owasp.org/www-project-web-security-testing-guide/#how-to-reference-wstg-scenarios

https://owasp.org/www-project-application-security-verification-standard/#how-to-reference-asvs-requirements

Reply all

Reply to author

Forward

0 new messages