Merge pull request #131 from LLM-Coding/copilot/add-owasp-top-10-anchor

Add OWASP Top 10 semantic anchor (EN + DE)

Author: rdmueller

docs/anchors/owasp-top-10.adoc

@@ -0,0 +1,55 @@
+= OWASP Top 10
+:categories: testing-quality
+:roles: software-developer, software-architect, qa-engineer, devops-engineer, consultant, team-lead
+:related: regulated-environment, iec-61508-sil-levels
+:proponents: OWASP Foundation
+:tags: security, web-security, vulnerabilities, risk, appsec, owasp
+
+[%collapsible]
+====
+Full Name:: OWASP Top 10 Web Application Security Risks
+
+Also known as:: OWASP Top Ten, Web Application Security Top 10
+
+[discrete]
+== *Core Concepts*:
+
+A01 – Broken Access Control:: Failure to enforce restrictions on what authenticated users can do; most prevalent web application risk
+
+A02 – Cryptographic Failures:: Sensitive data exposed due to weak or absent encryption; previously called "Sensitive Data Exposure"
+
+A03 – Injection:: Untrusted data sent to an interpreter as part of a command or query (SQL, OS, LDAP injection)
+
+A04 – Insecure Design:: Missing or ineffective security controls resulting from flawed design and threat modeling
+
+A05 – Security Misconfiguration:: Insecure default settings, incomplete configurations, open cloud storage, verbose error messages
+
+A06 – Vulnerable and Outdated Components:: Use of components (libraries, frameworks) with known vulnerabilities
+
+A07 – Identification and Authentication Failures:: Weaknesses in authentication, session management, and credential handling
+
+A08 – Software and Data Integrity Failures:: Code and infrastructure that does not protect against integrity violations (e.g., insecure deserialization, CI/CD tampering)
+
+A09 – Security Logging and Monitoring Failures:: Insufficient logging, detection, and response to breaches
+
+A10 – Server-Side Request Forgery (SSRF):: Server fetches remote resources from attacker-controlled URLs without validation
+
+
+Key Proponent:: OWASP Foundation (https://owasp.org/Top10/, first published 2003, current edition 2021)
+
+[discrete]
+== *When to Use*:
+
+* Performing security risk assessments on web applications
+* Establishing secure coding guidelines and developer training programs
+* Conducting threat modeling and security design reviews
+* Prioritizing security findings during code reviews and penetration tests
+* Defining acceptance criteria for security requirements
+* Auditing third-party or open-source components for known vulnerabilities
+
+[discrete]
+== *Related Anchors*:
+
+* <<regulated-environment,Regulated Environment>>
+* <<iec-61508-sil-levels,IEC 61508 SIL Levels>>
+====

docs/anchors/owasp-top-10.de.adoc

@@ -0,0 +1,55 @@
+= OWASP Top 10
+:categories: testing-quality
+:roles: software-developer, software-architect, qa-engineer, devops-engineer, consultant, team-lead
+:related: regulated-environment, iec-61508-sil-levels
+:proponents: OWASP Foundation
+:tags: security, web-security, vulnerabilities, risk, appsec, owasp
+
+[%collapsible]
+====
+Vollständiger Name:: OWASP Top 10 Web-Anwendungs-Sicherheitsrisiken
+
+Auch bekannt als:: OWASP Top Ten, Web Application Security Top 10
+
+[discrete]
+== *Kernkonzepte*:
+
+A01 – Fehlerhafte Zugriffskontrolle:: Unzureichende Durchsetzung von Einschränkungen für authentifizierte Benutzer; häufigste Schwachstelle in Webanwendungen
+
+A02 – Kryptographische Fehler:: Offenlegung sensibler Daten durch schwache oder fehlende Verschlüsselung; früher als „Sensitive Data Exposure" bekannt
+
+A03 – Injection:: Einschleusen nicht vertrauenswürdiger Daten in einen Interpreter (SQL-, OS-, LDAP-Injection)
+
+A04 – Unsicheres Design:: Fehlende oder ineffektive Sicherheitsmaßnahmen durch fehlerhaftes Design und unzureichendes Threat Modeling
+
+A05 – Sicherheitsfehlkonfiguration:: Unsichere Standardeinstellungen, unvollständige Konfigurationen, offener Cloud-Speicher, zu ausführliche Fehlermeldungen
+
+A06 – Veraltete und anfällige Komponenten:: Einsatz von Bibliotheken, Frameworks oder Komponenten mit bekannten Schwachstellen
+
+A07 – Fehler bei Identifizierung und Authentifizierung:: Schwächen bei Authentifizierung, Session-Management und Credential-Verwaltung
+
+A08 – Fehler bei Software- und Datenintegrität:: Fehlende Absicherung gegen Integritätsverletzungen (z. B. unsichere Deserialisierung, Manipulation der CI/CD-Pipeline)
+
+A09 – Unzureichendes Sicherheits-Logging und -Monitoring:: Mangelnde Protokollierung, Erkennung und Reaktion auf Sicherheitsvorfälle
+
+A10 – Server-Side Request Forgery (SSRF):: Server ruft externe Ressourcen von angreiferkontrollierten URLs ab, ohne diese zu validieren
+
+
+Schlüsselvertreter:: OWASP Foundation (https://owasp.org/Top10/, erstmals 2003 veröffentlicht, aktuelle Ausgabe 2021)
+
+[discrete]
+== *Wann zu verwenden*:
+
+* Durchführung von Sicherheitsrisikobewertungen für Webanwendungen
+* Erstellung von Richtlinien für sicheres Programmieren und Entwicklerschulungen
+* Durchführung von Threat Modeling und sicherheitsorientierten Design-Reviews
+* Priorisierung von Sicherheitsbefunden bei Code-Reviews und Penetrationstests
+* Definition von Abnahmekriterien für Sicherheitsanforderungen
+* Prüfung von Drittanbieter- oder Open-Source-Komponenten auf bekannte Schwachstellen
+
+[discrete]
+== *Verwandte Anker*:
+
+* <<regulated-environment,Reguliertes Umfeld>>
+* <<iec-61508-sil-levels,IEC 61508 SIL-Stufen>>
+====

website/public/data/anchors.json

@@ -625,6 +625,37 @@
     "tags": [],
     "filePath": "docs/anchors/nelson-rules.adoc"
   },
+  {
+    "id": "owasp-top-10",
+    "title": "OWASP Top 10",
+    "categories": [
+      "testing-quality"
+    ],
+    "roles": [
+      "software-developer",
+      "software-architect",
+      "qa-engineer",
+      "devops-engineer",
+      "consultant",
+      "team-lead"
+    ],
+    "related": [
+      "regulated-environment",
+      "iec-61508-sil-levels"
+    ],
+    "proponents": [
+      "OWASP Foundation"
+    ],
+    "tags": [
+      "security",
+      "web-security",
+      "vulnerabilities",
+      "risk",
+      "appsec",
+      "owasp"
+    ],
+    "filePath": "docs/anchors/owasp-top-10.adoc"
+  },
   {
     "id": "problem-space-nvc",
     "title": "Problem Space NVC",

website/public/data/categories.json

@@ -118,6 +118,7 @@
     "anchors": [
       "iec-61508-sil-levels",
       "mutation-testing",
+      "owasp-top-10",
       "property-based-testing",
       "tdd-chicago-school",
       "tdd-london-school",

website/public/data/metadata.json

@@ -1,15 +1,15 @@
 {
-  "generatedAt": "2026-03-01T22:48:19.586Z",
+  "generatedAt": "2026-03-04T12:59:17.826Z",
   "version": "1.0.0",
   "counts": {
-    "anchors": 53,
+    "anchors": 54,
     "categories": 12,
     "roles": 12
   },
   "statistics": {
-    "averageRolesPerAnchor": "3.28",
+    "averageRolesPerAnchor": "3.33",
     "averageCategoriesPerAnchor": "1.00",
-    "anchorsWithTags": 8,
-    "anchorsWithRelated": 7
+    "anchorsWithTags": 9,
+    "anchorsWithRelated": 8
   }
 }

website/public/data/roles.json

@@ -37,6 +37,7 @@
       "mental-model-according-to-naur",
       "morphological-box",
       "moscow",
+      "owasp-top-10",
       "problem-space-nvc",
       "pyramid-principle",
       "regulated-environment",
@@ -71,6 +72,7 @@
       "five-whys",
       "iec-61508-sil-levels",
       "nelson-rules",
+      "owasp-top-10",
       "regulated-environment",
       "semantic-versioning",
       "spc",
@@ -116,6 +118,7 @@
       "five-whys",
       "iec-61508-sil-levels",
       "mutation-testing",
+      "owasp-top-10",
       "property-based-testing",
       "regulated-environment",
       "rubber-duck-debugging",
@@ -144,6 +147,7 @@
       "madr",
       "mece",
       "morphological-box",
+      "owasp-top-10",
       "pugh-matrix",
       "regulated-environment",
       "solid-principles",
@@ -175,6 +179,7 @@
       "mental-model-according-to-naur",
       "morphological-box",
       "mutation-testing",
+      "owasp-top-10",
       "property-based-testing",
       "regulated-environment",
       "rubber-duck-debugging",
@@ -210,6 +215,7 @@
       "madr",
       "mental-model-according-to-naur",
       "moscow",
+      "owasp-top-10",
       "pugh-matrix",
       "pyramid-principle",
       "regulated-environment",