
Mapping BURP vs WAS Vulnerabilities.

Question asked by Sanjeev Savant on Mar 9, 2019
Latest reply on Mar 11, 2019 by derekv


When a vulnerability is reported by the Burp Suite web vulnerability scanner, how can we map it to a QID in WAS?

One method is the Burp Suite integration, with which one can import a Burp scan report into WAS.

But if the Burp log XML file is not available, some sort of mapping will be useful. The common link is the CWE-ID.

Mapping table: the first row is an example; the second and third rows are my question.

| BURP Vulnerability | CWE | Qualys QID | OWASP | WASC | Remarks |
|---|---|---|---|---|---|
| Password field with autocomplete enabled | 200 Information Exposure | 150112 Sensitive form field has not disabled autocomplete | A6 Security Misconfiguration | WASC-13 Information Leakage | |
| SSL cookie without secure flag set | 614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | ? | | | Search in the Knowledgebase shows no results |
| Cacheable HTTPS response | 524: Information Exposure Through Caching; 525: Information Exposure Through Browser Caching | ? | | | Search in the Knowledgebase shows no results |
