Open Manonnnn4 opened 6 years ago
@Manonnnn4 Would the OWASP Top 10 category be used as a part of a generated report? If so, how would this appear? I ask because this could be something better fit for a plug-in (https://github.com/SerpicoProject/SerpicoPlugins) rather than implementing in the main code.
I'd like to report per finding which OWASP Top 10 category it falls under (just like I give the risk of the finding, or the DREAD score), so like:
The nice thing about adding it this way is that I can then also group my findings per OWASP Top 10 category (group all security misconfigurations together, for example), instead of grouping them per risk level like I do now, e.g. instead of using ¬report/findings_list/findings:::risk>2¬ I can use: ¬report/findings_list/findings:::owasp_cat=1¬
Please fill out the Bug Form or Feature Request Below
Feature Request
It would really be nice to be able to link the OWASP Top 10 category to a finding, and to use the STRIDE categories instead of DREAD.
Example Use Case
"As a user with a bit of knowledge about OWASP, I would like to know in which OWASP category the finding falls, so it will be easier to find information about it."