Overview
Since 2001, the Open Web Application Security Project (OWASP) has been providing a top ten list of the most critical coding and security flaws in Web development. This list is popularly recognized as a security standard for all Web development.
See the OWASP Top Ten 2017 and OWASP Top Ten 2021 websites for more information.
Relevant Warning Classes
The following accordion shows the CodeSonar warning classes that are associated with the OWASP Top Ten 2017 and 2021 security rules.
Mapping Definition
The table below shows classes from our broad mapping, which, for a given warning class and category kind, combines categories from four sources:
1. The close mapping for the class.
2. Other categories of that kind that are related to the class in a meaningful way, but not eligible for the close mapping. Usually this indicates a substantial overlap between the category and the warning class, but an overlap that cannot be characterized as a subset or superset relationship.
3. If the category kind is hierarchical (of the current category taxonomies, only CWE has this property): for all categories from sources 1 and 2, all ancestors in the taxonomy hierarchy.
4. In a small number of cases, all descendants of a hierarchical category from source 1 or 2 are also applicable to the class. In these cases the descendants are also added to the broad mapping.
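The four-source rule above, worked through on a small constructed example. This is added illustration code, not CodeSonar's own implementation or data: the CWE parent links are a simplified, constructed hierarchy, and the warning class (close mapping CWE-89, related CWE-20) is hypothetical.

```python
from collections import defaultdict

# Constructed, simplified CWE-like hierarchy: child -> parent (None = root).
PARENT = {
    "CWE-707": None,      # improper neutralization (toy root)
    "CWE-74": "CWE-707",  # injection
    "CWE-943": "CWE-74",  # improper neutralization in data query logic
    "CWE-89": "CWE-943",  # SQL injection
    "CWE-564": "CWE-89",  # SQL injection: Hibernate
    "CWE-78": "CWE-74",   # OS command injection
    "CWE-20": "CWE-707",  # improper input validation
}

def ancestors(cat, parent):
    """Source 3: every ancestor of cat, nearest first."""
    out, p = [], parent.get(cat)
    while p is not None:
        out.append(p)
        p = parent.get(p)
    return out

def descendants(cat, parent):
    """Source 4: every transitive descendant of cat."""
    children = defaultdict(list)
    for child, par in parent.items():
        if par is not None:
            children[par].append(child)
    out, stack = [], list(children[cat])
    while stack:
        c = stack.pop()
        out.append(c)
        stack.extend(children[c])
    return out

def broad_mapping(close, related, parent=None, expand_descendants=()):
    """Union of sources 1-4; parent=None means a non-hierarchical kind (sources 1-2 only)."""
    base = set(close) | set(related)          # sources 1 and 2
    if parent is None:
        return base
    bad = set(expand_descendants) - base      # subtree expansion is only
    if bad:                                   # defined for source-1/2 categories
        raise ValueError(f"not a source-1/2 category: {sorted(bad)}")
    result = set(base)
    for cat in base:
        result.update(ancestors(cat, parent))
    for cat in expand_descendants:
        result.update(descendants(cat, parent))
    return result

# Hypothetical warning class: close CWE-89, related CWE-20, whole CWE-89 subtree applicable.
SQLI_BROAD = broad_mapping({"CWE-89"}, {"CWE-20"}, PARENT, {"CWE-89"})
```

Note that the sibling CWE-78 is never pulled in: ancestors and declared subtrees widen the mapping, but siblings of a mapped category do not.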
OWASP-2017
Mapping Summary
| Supported | All | Percent Coverage |
---|---|---|---|
All | 10 | 10 | 100.0% |
Mapping Detail
Rule | Rule Name | Supported |
---|---|---|
OWASP-2017:A1 | Injection | Yes |
OWASP-2017:A2 | Broken authentication | Yes |
OWASP-2017:A3 | Sensitive data exposure | Yes |
OWASP-2017:A4 | XML external entities | Yes |
OWASP-2017:A5 | Broken access control | Yes |
OWASP-2017:A6 | Security misconfiguration | Yes |
OWASP-2017:A7 | Cross site scripting (XSS) | Yes |
OWASP-2017:A8 | Insecure deserialization | Yes |
OWASP-2017:A9 | Using components with known vulnerabilities | Yes |
OWASP-2017:A10 | Insufficient logging and monitoring | Yes |
OWASP-2021
Mapping Summary
| Supported | All | Percent Coverage |
---|---|---|---|
All | 9 | 10 | 90.0% |
Mapping Detail
Rule | Rule Name | Supported |
---|---|---|
OWASP-2021:A1 | Broken access control | Yes |
OWASP-2021:A2 | Cryptographic failures | Yes |
OWASP-2021:A3 | Injection | Yes |
OWASP-2021:A4 | Insecure design | Yes |
OWASP-2021:A5 | Security misconfiguration | Yes |
OWASP-2021:A6 | Vulnerable and outdated components | Yes |
OWASP-2021:A7 | Identification and authorization failures | Yes |
OWASP-2021:A8 | Software and data integrity failures | Yes |
OWASP-2021:A9 | Security logging and monitoring failures | Yes |
OWASP-2021:A10 | Server-side request forgery | No |