Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
86 changes: 86 additions & 0 deletions application/tests/fixtures/owasp_mappings/owasp_aisvs_1_0.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
[
{
"section_id": "AISVS1",
"section": "Training Data Governance & Bias Management",
"hyperlink": "https://github.com/OWASP/AISVS/tree/main/1.0/en/0x10-C01-Training-Data-Governance.md",
"cre_ids": ["227-045", "307-507"]
},
{
"section_id": "AISVS2",
"section": "User Input Validation",
"hyperlink": "https://github.com/OWASP/AISVS/tree/main/1.0/en/0x10-C02-User-Input-Validation.md",
"cre_ids": ["031-447", "760-764"]
},
{
"section_id": "AISVS3",
"section": "Model Lifecycle Management & Change Control",
"hyperlink": "https://github.com/OWASP/AISVS/tree/main/1.0/en/0x10-C03-Model-Lifecycle-Management.md",
"cre_ids": ["148-853", "613-285"]
},
{
"section_id": "AISVS4",
"section": "Infrastructure, Configuration & Deployment Security",
"hyperlink": "https://github.com/OWASP/AISVS/tree/main/1.0/en/0x10-C04-Infrastructure.md",
"cre_ids": ["233-748", "486-813"]
},
{
"section_id": "AISVS5",
"section": "Access Control & Identity for AI Components & Users",
"hyperlink": "https://github.com/OWASP/AISVS/tree/main/1.0/en/0x10-C05-Access-Control-and-Identity.md",
"cre_ids": ["633-428", "724-770"]
},
{
"section_id": "AISVS6",
"section": "Supply Chain Security for Models, Frameworks & Data",
"hyperlink": "https://github.com/OWASP/AISVS/tree/main/1.0/en/0x10-C06-Supply-Chain.md",
"cre_ids": ["613-285", "613-287", "863-521"]
},
{
"section_id": "AISVS7",
"section": "Model Behavior, Output Control & Safety Assurance",
"hyperlink": "https://github.com/OWASP/AISVS/tree/main/1.0/en/0x10-C07-Model-Behavior.md",
"cre_ids": ["064-808", "141-555"]
},
{
"section_id": "AISVS8",
"section": "Memory, Embeddings & Vector Database Security",
"hyperlink": "https://github.com/OWASP/AISVS/tree/main/1.0/en/0x10-C08-Memory-Embeddings-and-Vector-Database.md",
"cre_ids": ["126-668", "538-770"]
},
{
"section_id": "AISVS9",
"section": "Autonomous Orchestration & Agentic Action Security",
"hyperlink": "https://github.com/OWASP/AISVS/tree/main/1.0/en/0x10-C09-Orchestration-and-Agentic-Action.md",
"cre_ids": ["117-371", "650-560"]
},
{
"section_id": "AISVS10",
"section": "Model Context Protocol (MCP) Security",
"hyperlink": "https://github.com/OWASP/AISVS/tree/main/1.0/en/0x10-C10-MCP-Security.md",
"cre_ids": ["307-507", "715-223"]
},
{
"section_id": "AISVS11",
"section": "Adversarial Robustness & Privacy Defense",
"hyperlink": "https://github.com/OWASP/AISVS/tree/main/1.0/en/0x10-C11-Adversarial-Robustness.md",
"cre_ids": ["141-555", "623-550"]
},
{
"section_id": "AISVS12",
"section": "Privacy Protection & Personal Data Management",
"hyperlink": "https://github.com/OWASP/AISVS/tree/main/1.0/en/0x10-C12-Privacy.md",
"cre_ids": ["126-668", "227-045", "482-866"]
},
{
"section_id": "AISVS13",
"section": "Monitoring, Logging & Anomaly Detection",
"hyperlink": "https://github.com/OWASP/AISVS/tree/main/1.0/en/0x10-C13-Monitoring-and-Logging.md",
"cre_ids": ["058-083", "148-420", "402-706", "843-841"]
},
{
"section_id": "AISVS14",
"section": "Human Oversight, Accountability & Governance",
"hyperlink": "https://github.com/OWASP/AISVS/tree/main/1.0/en/0x10-C14-Human-Oversight.md",
"cre_ids": ["162-655", "766-162"]
}
]
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
[
{
"section_id": "API1",
"section": "Broken Object Level Authorization",
"hyperlink": "https://owasp.org/API-Security/editions/2023/en/0xa1-broken-object-level-authorization/",
"cre_ids": ["304-667", "724-770"]
},
{
"section_id": "API2",
"section": "Broken Authentication",
"hyperlink": "https://owasp.org/API-Security/editions/2023/en/0xa2-broken-authentication/",
"cre_ids": ["177-260", "586-842", "633-428"]
},
{
"section_id": "API3",
"section": "Broken Object Property Level Authorization",
"hyperlink": "https://owasp.org/API-Security/editions/2023/en/0xa3-broken-object-property-level-authorization/",
"cre_ids": ["538-770", "724-770", "128-128"]
},
{
"section_id": "API4",
"section": "Unrestricted Resource Consumption",
"hyperlink": "https://owasp.org/API-Security/editions/2023/en/0xa4-unrestricted-resource-consumption/",
"cre_ids": ["623-550"]
},
{
"section_id": "API5",
"section": "Broken Function Level Authorization",
"hyperlink": "https://owasp.org/API-Security/editions/2023/en/0xa5-broken-function-level-authorization/",
"cre_ids": ["650-560", "724-770"]
},
{
"section_id": "API6",
"section": "Unrestricted Access to Sensitive Business Flows",
"hyperlink": "https://owasp.org/API-Security/editions/2023/en/0xa6-unrestricted-access-to-sensitive-business-flows/",
"cre_ids": ["534-605", "630-573"]
},
{
"section_id": "API7",
"section": "Server Side Request Forgery",
"hyperlink": "https://owasp.org/API-Security/editions/2023/en/0xa7-server-side-request-forgery/",
"cre_ids": ["028-728", "657-084"]
},
{
"section_id": "API8",
"section": "Security Misconfiguration",
"hyperlink": "https://owasp.org/API-Security/editions/2023/en/0xa8-security-misconfiguration/",
"cre_ids": ["486-813"]
},
{
"section_id": "API9",
"section": "Improper Inventory Management",
"hyperlink": "https://owasp.org/API-Security/editions/2023/en/0xa9-improper-inventory-management/",
"cre_ids": ["162-655", "863-521"]
},
{
"section_id": "API10",
"section": "Unsafe Consumption of APIs",
"hyperlink": "https://owasp.org/API-Security/editions/2023/en/0xaa-unsafe-consumption-of-apis/",
"cre_ids": ["715-223"]
}
]
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
[
{
"section": "Authorization Cheat Sheet",
"hyperlink": "https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Cheat_Sheet.html",
"cre_ids": ["128-128", "117-371"]
},
{
"section": "REST Security Cheat Sheet",
"hyperlink": "https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html",
"cre_ids": ["118-110", "724-770", "623-550"]
},
{
"section": "Server Side Request Forgery Prevention Cheat Sheet",
"hyperlink": "https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html",
"cre_ids": ["028-728", "657-084"]
},
{
"section": "Docker Security Cheat Sheet",
"hyperlink": "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html",
"cre_ids": ["233-748", "486-813"]
},
{
"section": "Kubernetes Security Cheat Sheet",
"hyperlink": "https://cheatsheetseries.owasp.org/cheatsheets/Kubernetes_Security_Cheat_Sheet.html",
"cre_ids": ["467-784", "233-748", "486-813"]
},
{
"section": "Secure Cloud Architecture Cheat Sheet",
"hyperlink": "https://cheatsheetseries.owasp.org/cheatsheets/Secure_Cloud_Architecture_Cheat_Sheet.html",
"cre_ids": ["155-155", "467-784"]
},
{
"section": "LLM Prompt Injection Prevention Cheat Sheet",
"hyperlink": "https://cheatsheetseries.owasp.org/cheatsheets/LLM_Prompt_Injection_Prevention_Cheat_Sheet.html",
"cre_ids": ["161-451", "760-764"]
},
{
"section": "AI Agent Security Cheat Sheet",
"hyperlink": "https://cheatsheetseries.owasp.org/cheatsheets/AI_Agent_Security_Cheat_Sheet.html",
"cre_ids": ["117-371", "650-560", "126-668"]
},
{
"section": "Secure AI Model Ops Cheat Sheet",
"hyperlink": "https://cheatsheetseries.owasp.org/cheatsheets/Secure_AI_Model_Ops_Cheat_Sheet.html",
"cre_ids": ["148-853", "613-285", "613-287"]
}
]
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
[
{
"section_id": "K01",
"section": "Insecure Workload Configurations",
"hyperlink": "https://owasp.org/www-project-kubernetes-top-ten/2022/en/src/K01-insecure-workload-configurations",
"cre_ids": ["233-748", "486-813"]
},
{
"section_id": "K02",
"section": "Supply Chain Vulnerabilities",
"hyperlink": "https://owasp.org/www-project-kubernetes-top-ten/2022/en/src/K02-supply-chain-vulnerabilities",
"cre_ids": ["613-285", "613-287"]
},
{
"section_id": "K03",
"section": "Overly Permissive RBAC Configurations",
"hyperlink": "https://owasp.org/www-project-kubernetes-top-ten/2022/en/src/K03-overly-permissive-rbac-configurations",
"cre_ids": ["128-128", "724-770"]
},
{
"section_id": "K04",
"section": "Lack of Centralized Policy Enforcement",
"hyperlink": "https://owasp.org/www-project-kubernetes-top-ten/2022/en/src/K04-lack-of-centralized-policy-enforcement",
"cre_ids": ["117-371"]
},
{
"section_id": "K05",
"section": "Inadequate Logging and Monitoring",
"hyperlink": "https://owasp.org/www-project-kubernetes-top-ten/2022/en/src/K05-inadequate-logging-and-monitoring",
"cre_ids": ["058-083", "148-420", "402-706", "843-841"]
},
{
"section_id": "K06",
"section": "Broken Authentication Mechanisms",
"hyperlink": "https://owasp.org/www-project-kubernetes-top-ten/2022/en/src/K06-broken-authentication-mechanisms",
"cre_ids": ["177-260", "586-842", "633-428"]
},
{
"section_id": "K07",
"section": "Missing Network Segmentation Controls",
"hyperlink": "https://owasp.org/www-project-kubernetes-top-ten/2022/en/src/K07-missing-network-segmentation-controls",
"cre_ids": ["132-146", "467-784", "515-021"]
},
{
"section_id": "K08",
"section": "Secrets Management Failures",
"hyperlink": "https://owasp.org/www-project-kubernetes-top-ten/2022/en/src/K08-secrets-management-failures",
"cre_ids": ["340-375", "774-888", "813-610"]
},
{
"section_id": "K09",
"section": "Misconfigured Cluster Components",
"hyperlink": "https://owasp.org/www-project-kubernetes-top-ten/2022/en/src/K09-misconfigured-cluster-components",
"cre_ids": ["233-748", "486-813"]
},
{
"section_id": "K10",
"section": "Outdated and Vulnerable Kubernetes Components",
"hyperlink": "https://owasp.org/www-project-kubernetes-top-ten/2022/en/src/K10-outdated-and-vulnerable-kubernetes-components",
"cre_ids": ["053-751", "715-334", "863-521"]
}
]
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
[
{
"section_id": "K01",
"section": "Insecure Workload Configurations",
"hyperlink": "https://owasp.org/www-project-kubernetes-top-ten/",
"cre_ids": ["233-748", "486-813"],
"fallback_section_ids": ["K01"]
},
{
"section_id": "K02",
"section": "Overly Permissive Authorization Configurations",
"hyperlink": "https://owasp.org/www-project-kubernetes-top-ten/",
"cre_ids": ["128-128", "724-770"],
"fallback_section_ids": ["K03"]
},
{
"section_id": "K03",
"section": "Secrets Management Failures",
"hyperlink": "https://owasp.org/www-project-kubernetes-top-ten/",
"cre_ids": ["340-375", "774-888", "813-610"],
"fallback_section_ids": ["K08"]
},
{
"section_id": "K04",
"section": "Lack Of Cluster Level Policy Enforcement",
"hyperlink": "https://owasp.org/www-project-kubernetes-top-ten/",
"cre_ids": ["117-371"],
"fallback_section_ids": ["K04"]
},
{
"section_id": "K05",
"section": "Missing Network Segmentation Controls",
"hyperlink": "https://owasp.org/www-project-kubernetes-top-ten/",
"cre_ids": ["132-146", "467-784", "515-021"],
"fallback_section_ids": ["K07"]
},
{
"section_id": "K06",
"section": "Overly Exposed Kubernetes Components",
"hyperlink": "https://owasp.org/www-project-kubernetes-top-ten/",
"cre_ids": ["152-725", "640-364"],
"fallback_section_ids": ["K09"]
},
{
"section_id": "K07",
"section": "Misconfigured And Vulnerable Cluster Components",
"hyperlink": "https://owasp.org/www-project-kubernetes-top-ten/",
"cre_ids": ["053-751", "233-748", "486-813", "715-334"],
"fallback_section_ids": ["K09", "K10"]
},
{
"section_id": "K08",
"section": "Cluster To Cloud Lateral Movement",
"hyperlink": "https://owasp.org/www-project-kubernetes-top-ten/",
"cre_ids": ["132-146", "640-364", "724-770"],
"fallback_section_ids": ["K03", "K07"]
},
{
"section_id": "K09",
"section": "Broken Authentication Mechanisms",
"hyperlink": "https://owasp.org/www-project-kubernetes-top-ten/",
"cre_ids": ["177-260", "586-842", "633-428"],
"fallback_section_ids": ["K06"]
},
{
"section_id": "K10",
"section": "Inadequate Logging And Monitoring",
"hyperlink": "https://owasp.org/www-project-kubernetes-top-ten/",
"cre_ids": ["058-083", "148-420", "402-706", "843-841"],
"fallback_section_ids": ["K05"]
}
]
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
[
{
"section_id": "LLM01",
"section": "Prompt Injection",
"hyperlink": "https://genai.owasp.org/llmrisk/llm01-prompt-injection/",
"cre_ids": ["161-451", "760-764"]
},
{
"section_id": "LLM02",
"section": "Sensitive Information Disclosure",
"hyperlink": "https://genai.owasp.org/llmrisk/llm022025-sensitive-information-disclosure/",
"cre_ids": ["126-668", "227-045"]
},
{
"section_id": "LLM03",
"section": "Supply Chain",
"hyperlink": "https://genai.owasp.org/llmrisk/llm032025-supply-chain/",
"cre_ids": ["613-285", "613-287"]
},
{
"section_id": "LLM04",
"section": "Data and Model Poisoning",
"hyperlink": "https://genai.owasp.org/llmrisk/llm042025-data-and-model-poisoning/",
"cre_ids": ["307-507", "613-287"]
},
{
"section_id": "LLM05",
"section": "Improper Output Handling",
"hyperlink": "https://genai.owasp.org/llmrisk/llm052025-improper-output-handling/",
"cre_ids": ["064-808"]
},
{
"section_id": "LLM06",
"section": "Excessive Agency",
"hyperlink": "https://genai.owasp.org/llmrisk/llm062025-excessive-agency/",
"cre_ids": ["117-371", "650-560"]
},
{
"section_id": "LLM07",
"section": "System Prompt Leakage",
"hyperlink": "https://genai.owasp.org/llmrisk/llm072025-system-prompt-leakage/",
"cre_ids": ["126-668", "227-045"]
},
{
"section_id": "LLM08",
"section": "Vector and Embedding Weaknesses",
"hyperlink": "https://genai.owasp.org/llmrisk/llm082025-vector-and-embedding-weaknesses/",
"cre_ids": ["126-668", "538-770"]
},
{
"section_id": "LLM09",
"section": "Misinformation",
"hyperlink": "https://genai.owasp.org/llmrisk/llm092025-misinformation/",
"cre_ids": ["141-555"]
},
{
"section_id": "LLM10",
"section": "Unbounded Consumption",
"hyperlink": "https://genai.owasp.org/llmrisk/llm102025-unbounded-consumption/",
"cre_ids": ["267-031", "623-550"]
}
]
Loading
Loading