Reference and Tag with CAPEC IDs consistently #486
Comments
User dune73 commented on date 2017-11-25 21:27:25: This topic has been discussed in #924 and in a chat as well. Copying over the summary of the discussion: We talked about this at great length during the chat. Here are the important bits:
What is CAPEC and what is the relationship to CWE? It is thus that CAPEC is more attack-oriented and thus closer to our rules and their categories.
User csanders-git commented on date 2018-01-08 20:28:51: We shall also go through and note the changes to OWASP top 10 tags
User fzipi commented on date 2019-09-28 18:50:35: Will try to get this done, based on what we discussed in the summit.
User dune73 commented on date 2019-09-28 19:36:00: That would be huge, Felipe!
User fzipi commented on date 2019-10-26 11:22:24: Yesterday I had a meeting with one potential student. He will begin playing with Officially he may start by the end of November. We'll see.
User dune73 commented on date 2019-10-28 09:15:32: This sounds very good. Is there anything we should do to make this work? Also: Would this be a moment where we get in touch with any OWASP projects that might profit from this / might be interested in our data? (First task: Find out which OWASP project might qualify).
CAPEC tagging has been implemented in v3.3. We can thus close this long-standing issue.
Issue originally created by user dune73 on date 2016-08-05 08:57:59.
Link to original issue: SpiderLabs/owasp-modsecurity-crs#486.
CAPEC: Common Attack Pattern Enumeration and Classification (https://capec.mitre.org/)
We have a few rules with CAPEC tags and links to CAPEC descriptions in their comments. But so far, this has not been done in a consistent way. A systematic approach is necessary. It would also be the base for consistent attack statistics.
Part of the task is a discussion if we want to abandon the incomplete OWASP tags - or not.