refractor code,
This commit is contained in:
@@ -0,0 +1,67 @@
|
||||
# Compliance Framework Summary
|
||||
|
||||
**Total Findings:** 712
|
||||
**Findings with Compliance Mappings:** 712 (100.0%)
|
||||
|
||||
## Framework Coverage
|
||||
|
||||
| Framework | Coverage |
|
||||
|-----------|----------|
|
||||
| **OWASP Top 10 2021** | 4/10 categories |
|
||||
| **CWE Top 25 2024** | 6/25 weaknesses |
|
||||
| **CIS Controls v8.1** | 7 controls |
|
||||
| **NIST CSF 2.0** | 1427 mappings across 4 functions |
|
||||
| **PCI DSS 4.0** | 5 requirements |
|
||||
| **MITRE ATT&CK** | 4 techniques |
|
||||
|
||||
## OWASP Top 10 2021
|
||||
|
||||
| Category | Findings |
|
||||
|----------|----------|
|
||||
| A01:2021 | 4 |
|
||||
| A02:2021 | 42 |
|
||||
| A03:2021 | 6 |
|
||||
| A10:2021 | 2 |
|
||||
|
||||
## CWE Top 25 2024 (Top 10 Most Frequent)
|
||||
|
||||
| CWE ID | Rank | Findings |
|
||||
|--------|------|----------|
|
||||
| CWE-798 | 18 | 41 |
|
||||
| CWE-863 | 24 | 3 |
|
||||
| CWE-79 | 1 | 3 |
|
||||
| CWE-918 | 19 | 2 |
|
||||
| CWE-20 | 4 | 1 |
|
||||
| CWE-362 | 21 | 1 |
|
||||
|
||||
## NIST Cybersecurity Framework 2.0
|
||||
|
||||
| Function | Findings |
|
||||
|----------|----------|
|
||||
| GOVERN | 671 |
|
||||
| IDENTIFY | 671 |
|
||||
| PROTECT | 82 |
|
||||
| DETECT | 3 |
|
||||
|
||||
## PCI DSS 4.0
|
||||
|
||||
**Requirements with Findings:** 5
|
||||
|
||||
See `PCI_DSS_COMPLIANCE.md` for detailed PCI DSS compliance report.
|
||||
|
||||
## MITRE ATT&CK
|
||||
|
||||
**Techniques Detected:** 4
|
||||
|
||||
See `attack-navigator.json` for interactive ATT&CK Navigator visualization.
|
||||
|
||||
**Top 5 Techniques:**
|
||||
|
||||
1. **T1195** - Supply Chain Compromise (671 findings)
|
||||
2. **T1552** - Unsecured Credentials (41 findings)
|
||||
3. **T1078** - Valid Accounts (41 findings)
|
||||
4. **T1190** - Exploit Public-Facing Application (3 findings)
|
||||
|
||||
---
|
||||
|
||||
*Generated by JMo Security Audit Tool Suite*
|
||||
Reference in New Issue
Block a user