I'm looking to create a dynamic search list to test for web application vulnerabilities that are part of the OWASP Top 10 (if possible, of 2013). I have managed to get some of the desired QIDs into the list, but I am not sure if the set is exhaustive. Unfortunately this question doesn't seem to have been answered before, which is why I'm creating this new topic.
I selected the Category filter and set it to Web Application, which gave me a total of 106 QIDs. I think this set is too broad, but I cannot find a way to narrow it down. I attempted the List Inclusion filter, which I set to SANS Top 20 in absence of an OWASP Top 10 option, but this combination matched no QIDs. This strikes me as strange, since QIDs that are part of SANS should be part of the Web Application category as well, if I'm not mistaken.
Is this a bug, or am I doing something wrong? Also, how do I get the search list to correctly search for Web Application vulnerabilities that are part of the OWASP Top 10 of 2013 (or 2010 if that's not possible)?