Could someone suggest how to determine, from the ZAP report alerts, which alert falls under which OWASP Top 10 vulnerability? For example, I had seen one example ZAP report where the Reference column had the OWASP Top 10 URL as a value.
My ZAP report has the following columns:
- Title
- Description
- URL
- Instances
- Solution
- Reference
- CWE ID
- WASC ID
- Source ID
The OWASP Top 10 vulnerabilities are the following:
https://owasp.org/www-project-top-ten/
- Injection
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control
- Security misconfigurations
- Cross Site Scripting (XSS)
- Insecure Deserialization
- Using Components with known vulnerabilities
- Insufficient logging and monitoring
Although it is obvious that we need to go through each alert in detail and logically map it to the OWASP Top 10, I was wondering if any alert attribute can help to figure it out.
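Added here as a worked example, not part of the original post: a small Python script that reads a ZAP XML report and buckets each alert by its CWE ID through a partial CWE-to-Top-10 (2017) lookup table, leaving anything without a known CWE for manual review. The XML element names (`alertitem`, `alert`, `cweid`, `wascid`) and the CWE table are assumptions, and the sample report is constructed.

```python
"""Bucket ZAP alerts into OWASP Top 10 (2017) categories via their CWE ID."""
import xml.etree.ElementTree as ET
from collections import Counter

# Illustrative, partial CWE -> Top 10 (2017) table (assumed; extend for your own alert set).
CWE_TO_TOP10 = {
    78: "A1 Injection", 89: "A1 Injection", 90: "A1 Injection",
    287: "A2 Broken Authentication", 384: "A2 Broken Authentication",
    200: "A3 Sensitive Data Exposure", 319: "A3 Sensitive Data Exposure",
    611: "A4 XML External Entities (XXE)",
    284: "A5 Broken Access Control",
    16: "A6 Security Misconfiguration",
    79: "A7 Cross-Site Scripting (XSS)",
    502: "A8 Insecure Deserialization",
}
UNMAPPED = "Unmapped (review manually)"

# Constructed sample in the shape of a ZAP XML report (element names assumed).
SAMPLE_REPORT = """<?xml version="1.0"?>
<OWASPZAPReport version="2.x">
  <site name="http://example.test">
    <alerts>
      <alertitem><alert>Cross Site Scripting (Reflected)</alert><cweid>79</cweid><wascid>8</wascid></alertitem>
      <alertitem><alert>SQL Injection</alert><cweid>89</cweid><wascid>19</wascid></alertitem>
      <alertitem><alert>X-Frame-Options Header Not Set</alert><cweid>16</cweid><wascid>15</wascid></alertitem>
      <alertitem><alert>Custom Passive Rule</alert><cweid>-1</cweid></alertitem>
    </alerts>
  </site>
</OWASPZAPReport>
"""

def top10_for_cwe(cweid):
    """Return the Top 10 category for a CWE ID, or UNMAPPED when missing/unknown."""
    try:
        return CWE_TO_TOP10.get(int(cweid), UNMAPPED)
    except (TypeError, ValueError):
        return UNMAPPED

def classify_report(xml_text):
    """Return a list of (alert name, cwe id text, Top 10 category), one per alertitem."""
    root = ET.fromstring(xml_text)
    rows = []
    for item in root.iter("alertitem"):
        name = item.findtext("alert", default="?")
        cwe = item.findtext("cweid")  # None when the alert carries no CWE element
        rows.append((name, cwe, top10_for_cwe(cwe)))
    return rows

def summarize(rows):
    """Count alerts per Top 10 category; UNMAPPED rows still need a human look."""
    return Counter(category for _, _, category in rows)

if __name__ == "__main__":
    rows = classify_report(SAMPLE_REPORT)
    for name, cwe, category in rows:
        print(f"{category:32} CWE-{(cwe or '?'):<5} {name}")
    print(summarize(rows))
```

For a real report, replace `SAMPLE_REPORT` with the file contents; alerts landing in the unmapped bucket are exactly the ones that still need the manual, alert-by-alert mapping the question describes.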