Show OWASP Top 10 score in the security dashboard
#119029
Problem to solve
We list vulnerabilities and classify them by Severity.
This is useful, but OWASP also defines the top 10 classes of vulnerabilities that affect web applications:
- Injection
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging & Monitoring
Security teams benefit from knowing whether they are affected by any of these classes.
Proposal
In the Group Security Dashboard (and later in other places) we can show an OWASP Top 10 score: the number of classes with no vulnerabilities. The higher the score, the safer the group.
Alternatively, we can take the opposite approach and show how many classes do have vulnerabilities.
This information can rely on the OWASP classification that scanning tools may provide. Where a tool does not provide it, we can classify vulnerabilities with matching rules.
Users should also be able to filter the dashboard by these classes.
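As an added illustration (not GitLab code), the sketch below computes both proposed views of the score from a list of findings, using the precedence the proposal implies: a tool-supplied OWASP class first, then constructed CWE and name-matching rules. The rule tables, field names (`owasp`, `cwe`, `name`) and sample findings are all assumptions; findings no rule can place are reported separately so they do not silently inflate the "clean classes" number.

```python
from collections import Counter

# OWASP Top 10 (2017) classes, in the order the issue lists them.
OWASP_TOP10 = ["Injection", "Broken Authentication", "Sensitive Data Exposure",
               "XML External Entities (XXE)", "Broken Access Control",
               "Security Misconfiguration", "Cross-Site Scripting (XSS)",
               "Insecure Deserialization",
               "Using Components with Known Vulnerabilities",
               "Insufficient Logging & Monitoring"]

# Constructed matching rules (illustrative, not a complete mapping).
# CWE id -> 0-based index into OWASP_TOP10.
CWE_RULES = {"CWE-89": 0, "CWE-78": 0, "CWE-287": 1, "CWE-798": 1, "CWE-319": 2,
             "CWE-327": 2, "CWE-611": 3, "CWE-284": 4, "CWE-639": 4, "CWE-16": 5,
             "CWE-79": 6, "CWE-502": 7, "CWE-1104": 8, "CWE-778": 9}
# Substring of the lower-cased finding name -> index; used when no CWE matches.
NAME_RULES = [("sql injection", 0), ("command injection", 0), ("xss", 6),
              ("deserializ", 7), ("outdated", 8), ("missing audit log", 9)]

def classify(finding):
    """Map one finding to an OWASP class index, or None if no rule applies.
    Precedence: class supplied by the scanner (e.g. "A7"), then CWE, then name."""
    if finding.get("owasp") is not None:
        idx = int(finding["owasp"].lstrip("A")) - 1
        return idx if 0 <= idx < len(OWASP_TOP10) else None
    if finding.get("cwe") in CWE_RULES:
        return CWE_RULES[finding["cwe"]]
    name = finding.get("name", "").lower()
    return next((i for kw, i in NAME_RULES if kw in name), None)

def owasp_score(findings):
    """Return both views from the proposal: classes with no findings (higher is
    better) and classes with at least one, plus per-class counts and the
    findings that no rule could place."""
    per_class, unclassified = Counter(), []
    for f in findings:
        idx = classify(f)
        if idx is None:
            unclassified.append(f["name"])
        else:
            per_class[OWASP_TOP10[idx]] += 1
    return {"clean_classes": len(OWASP_TOP10) - len(per_class),
            "affected_classes": len(per_class),
            "per_class": dict(per_class), "unclassified": unclassified}

# Constructed sample findings; the last one matches no rule on purpose.
SAMPLE_FINDINGS = [
    {"name": "SQL injection in login form", "cwe": "CWE-89"},
    {"name": "Reflected XSS in search", "cwe": "CWE-79"},
    {"name": "jquery 1.8.3 has known vulnerabilities", "owasp": "A9"},
    {"name": "Weak TLS cipher suite", "cwe": "CWE-327"},
    {"name": "Stack trace in error page"},
]
```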
Links / references
Edited by Seth Berger