Overview
Since 2001, the Open Web Application Security Project (OWASP) has been providing a top ten list of the most critical coding and security flaws in Web development. This list is popularly recognized as a security standard for all Web development.
See the OWASP Top Ten 2017 and OWASP Top Ten 2021 website for more information.
Relevant Warning Classes
The following accordion show the CodeSonar warning classes that are associated with OWASP-2017 and 2021 top ten security rules.
Mapping Definition
The table below show classes from our broad mapping which for a given warning class and category.
OWASP-2017
Mapping Summary
| Supported | All | Percent Coverage | |
|---|---|---|---|
| All | 10 | 10 | 100.0% |
Mapping Detail
| Rule | Rule Name | Supported |
|---|---|---|
| OWASP-2017:A1 | Injection | Yes |
| OWASP-2017:A2 | Broken authentication | Yes |
| OWASP-2017:A3 | Sensitive data exposure | Yes |
| OWASP-2017:A4 | XML external entities | Yes |
| OWASP-2017:A5 | Broken access control | Yes |
| OWASP-2017:A6 | Security misconfiguration | Yes |
| OWASP-2017:A7 | Cross site scripting (XSS) | Yes |
| OWASP-2017:A8 | Insecure deserialization | Yes |
| OWASP-2017:A9 | Using components with known vulnerabilities | Yes |
| OWASP-2017:A10 | Insufficient logging and monitoring | Yes |
OWASP-2021
Mapping Summary
| Supported | All | Percent Coverage | |
|---|---|---|---|
| All | 9 | 10 | 90.0% |
Mapping Detail
| Rule | Rule Name | Supported |
|---|---|---|
| OWASP-2021:A1 | Broken access control | Yes |
| OWASP-2021:A2 | Cryptographic failures | Yes |
| OWASP-2021:A3 | Injection | Yes |
| OWASP-2021:A4 | Insecure design | Yes |
| OWASP-2021:A5 | Security misconfiguration | Yes |
| OWASP-2021:A6 | Vulnerable and outdated components | Yes |
| OWASP-2021:A7 | Identification and authorization failures | Yes |
| OWASP-2021:A8 | Software and data integrity failures | Yes |
| OWASP-2021:A9 | Security logging and monitoring failures | Yes |
| OWASP-2021:A10 | Server-side request forgery | No |