Last Modified: Apr 06, 2023
Opened: Jul 30, 2019 Severity: 4-Minor
OWASP score for a parent policy or child policy is shown as 0. The more accurate value should be 'N/A' since these policies are not configurable for OWASP.
When looking on the policies list, the user may get the impression that the parent or child policies can be configured to comply with OWASP.
Create either child policy or parent policy. On Security ›› Application Security : Security Policies : Policies List page you will see in the OWASP Compliance score the value 0, and when going to OWASP page configuration (Security ›› Overview : OWASP Compliance) the user will see a note that the policy is not configurable for OWASP.
Ignore OWASP Compliance score for child and parent policies.