Adding OWASP Top 10 2017 to CxSAST version 8.5
Step 1. Import the “OWASP Top 10 2017” Preset
Follow the instructions in our user guide to import the new preset “OWASP Top 10 2017” into CxSAST: Preset Manager (see “Importing a Preset”)
The preset file you need to import: OWASP TOP 10 - 2017.xml
Step 2. Use the “OWASP Top 10 2017” Preset
You can either create a new project with the new “OWASP Top 10 2017” preset: Creating and Configuring a CxSAST Project
or change the preset of an existing project to the “OWASP Top 10 2017” preset: Viewing Project Details (see “General Properties”)
Step 3. Import new queries to cover A10
Follow the instructions in our user guide to import the queries into CxSAST: Viewing, Importing, and Exporting Queries
The queries file you need to import (Java & C#): Insufficient_Logging_of_Exceptions.xml
Step 4. Add the imported queries to the “OWASP Top 10 2017” preset
Follow the instructions in our user guide to add the queries you imported to the new “OWASP Top 10 2017” preset: Preset Manager (see “Modifying an Existing Preset”)
In the preset manager, the imported queries will be found under:
Java > Corp > Java_Best_Coding_Practice > Insufficient_Logging_of_Exceptions
CSharp > Corp > CSharp_Best_Coding_Practice > Insufficient_Logging_of_Exceptions
Step 5. You’re done!
In all future scans, CxSAST will search for OWASP Top 10 2017 vulnerabilities in your project.
Notes
In addition to these queries and preset, CxSAST version 8.6 will introduce the following enhancements for OWASP Top 10 2017: a new results viewer category, additional queries which extend our support for the new standard, and an “OWASP Top 10 2017” report format.
For now, when you use the new “OWASP Top 10 2017” preset, reporting will still be based on OWASP Top 10 2013 categories.
When upgrading to CxSAST 8.6, please make sure to delete the imported queries using CxAudit in order to get the latest query versions.