| Study | Approach | Tools | Vulnerability classification | Test target |
|---|---|---|---|---|
| Tudela et al. (2020) | SAST | FindSecurityBugs, Fortify95 | OWASP Top 10:2017 | OWASP Benchmark project |
| | DAST | Arachni, OWASP ZAP | | |
| | IAST | CxIAST | | |
| Setiawan, Erlangga & Baskoro (2020) | SAST | SonarQube | OWASP Top 10:2017 | Government X Web sites |
| | DAST | API ZAP | | |
| | IAST | Jenkins | | |
| Li (2020) | SAST | Checkmarx | OWASP Top 10:2017 & CWE Top 25:2019 | Mobile malware detection app |
| Cruz, Almeida & Oliveira (2023) | SAST | Bandit, Codacy, Deepsource, ESLint, Flake8, Horusec, Prospector, Pylint, Radon, Semgrep, SonarQube | OWASP Top 10:2021 | Not mentioned |
| | DAST | Arachni, BeEF, Detectify, Golismero, Invicti, Nikto, Nogotofail, OWASP ZAP, Stackhawk, Vega, Wapiti, Wfuzz | | |
| | SCA | Black Duck, FOSSA, Npm audit, OWASP D.C, Safety, SourceClear, Steady, Yarn Audit | | |
| Khanum, Qadir & Jehan (2023) | DAST | OWASP ZAP | OWASP Top 10:2021 | 70 Web apps |