OWASP Top 10



It would be nice to try to update the relationships between CAPEC
and the OWASP Top 10 CWEs.

I would suggest using a mapping of the different versions of the OWASP Top 10,

e.g. for all the current CAPEC/CWE relationships to
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
I would suggest adding the same relationship to
CWE-929 OWASP Top Ten 2013 Category A1 - Injection

Attached is the mapping suggested.

Thank you
Best regards

Attachment: OWASPTOP10_Mapping_CWE.xlsx (12K)