This repository has been archived by the owner on May 3, 2020. It is now read-only.
Please fill out the Bug Form or Feature Request Below
Feature Request
It would really be nice to be able to link the OWASP Top 10 category to a finding, and to use the STRIDE categories instead of DREAD.
Example Use Case
"As a user with a bit of knowledge about OWASP, I would like to know in which OWASP category the finding falls, so it will be easier to find information about it."
Manonnnn4 changed the title from "Add Owasp catedory and STRIDE category to findings" to "Add Owasp category and STRIDE category to findings" on Nov 8, 2018
@Manonnnn4 Would the OWASP Top 10 category be used as a part of a generated report? If so, how would this appear? I ask because this could be something better fit for a plug-in (https://github.com/SerpicoProject/SerpicoPlugins) rather than implementing in the main code.
I'd like to report per finding which OWASP Top 10 category it falls under (just like I give the risk of the finding, or the DREAD score), so like:
Risk = high
remediation effort = low
Owasp category = A6 - security misconfiguration
Finding, remediation, etc.
The nice thing about adding it this way is that I can then also group my findings per OWASP Top 10 category (group all security misconfigurations together, for example), instead of grouping them per risk level like I do now, e.g. instead of using ¬report/findings_list/findings:::risk>2¬ I can use:
¬report/findings_list/findings:::owasp_cat=1¬