[Owasp-leaders] Mapping OWASP to compliance, standards

Dan Cornell dan at denimgroup.com
Tue Mar 22 23:38:31 EDT 2011


> Hi, I'm going to be doing a presentation about OWASP with a section on
> 'Mapping OWASP to Compliance and Standards' , and I was wondering if
> there are good Tables, Graphs or presentations on this topic already
> out there?
> 

This isn't exactly what you're looking for, but it does map between the OWASP Top 10 (2004 and 2007), the WASC 24 and the CWE 25:
<http://blog.denimgroup.com/denim_group/2010/01/mapping-between-owasp-top-10-2004-2007-wasc-242-and-sans-cwe25.html>

Also Jeremiah Grossman has similar mappings between the WASC 24 and the OWASP Top 10 2010:
<http://jeremiahgrossman.blogspot.com/2010/01/wasc-threat-classification-to-owasp-top.html>

The WASC folks also have this and some more with mappings to MITRE CWE and CAPEC:
<http://projects.webappsec.org/w/page/13246975/Threat-Classification-Taxonomy-Cross-Reference-View>


Again - probably not exactly what you need, but, depending on the compliance regime you're trying to link with, it might help cross-translate.


Thanks,

Dan



