
Adding OWASP Top 10 2017 to CxSAST version 8.5

Step 1. Import the “OWASP Top 10 2017” Preset

Follow the instructions in our user guide to import the new preset “OWASP Top 10 2017” into CxSAST: Preset Manager (see “Importing a Preset”).

The preset file you need to import: OWASP TOP 10 - 2017.xml

Step 2. Use the “OWASP Top 10 2017” Preset

You can create a new project with the new “OWASP Top 10 2017” preset: Creating and Configuring a CxSAST Project

Alternatively, change the preset of an existing project to the “OWASP Top 10 2017” preset: Viewing Project Details (see “General Properties”)

Step 3. Import new queries to cover A10

Follow the instructions in our user guide to import the queries into CxSAST: Viewing, Importing, and Exporting Queries

The queries file you need to import (Java & C#): Insufficient_Logging_of_Exceptions.xml

Step 4. Add the imported queries to the “OWASP Top 10 2017” preset

Follow the instructions in our user guide to add the queries you imported to the new “OWASP Top 10 2017” preset: Preset Manager (see “Modifying an Existing Preset”)

In the preset manager, the imported queries will be found under:

Java > Corp > Java_Best_Coding_Practice > Insufficient_Logging_of_Exceptions

CSharp > Corp > CSharp_Best_Coding_Practice > Insufficient_Logging_of_Exceptions

Step 5. You’re done!

In all future scans, CxSAST will search for OWASP Top 10 2017 vulnerabilities in your project.

Notes

  • In addition to these queries and preset, CxSAST version 8.6 will introduce the following enhancements for OWASP Top 10 2017:

    A new results viewer category, additional queries that extend our support for the new standard, and an “OWASP Top 10 2017” report format.

  • For now, when you use the new “OWASP Top 10 2017” preset, reporting will still be based on OWASP Top 10 2013 categories.

  • When upgrading to CxSAST 8.6, please make sure to delete the imported queries using CxAudit in order to get the latest query versions.