Table A9. RQ2: findings for OWASP Top 10:2021 risk categories (number of vulnerabilities found).
The highest number of vulnerabilities found by each tool is shown in bold.
Category | Yasca | Progpilot | Snyk | SonarQube | OWASP ZAP | Wapiti | Vega | IronWASP | Burp Suite |
---|---|---|---|---|---|---|---|---|---|
A01:2021 Broken Access Control | 0 | 0 | 0 | 0 | 500 | 0 | 0 | 0 | 0 |
A02:2021 Cryptographic Failures | 1 | 0 | 95 | 1 | 0 | 0 | 0 | 0 | 0 |
A03:2021 Injection | 17,748 | 1,179 | 1,776 | 2 | 537 | 193 | 349 | 662 | 276 |
A04:2021 Insecure Design | 0 | 0 | 0 | 0 | 335 | 1 | 0 | 0 | 304 |
A05:2021 Security Misconfiguration | 1,279 | 50 | 780 | 80 | 10,294 | 547 | 3,761 | 1,611 | 112 |
A06:2021 Vulnerable and Outdated Components | 0 | 0 | 0 | 1 | 227 | 0 | 0 | 0 | 233 |
A07:2021 Identification and Authentication Failures | 387 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
A08:2021 Software and Data Integrity Failures | 0 | 0 | 1 | 0 | 28 | 0 | 0 | 0 | 0 |
A09:2021 Security Logging and Monitoring Failures | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
A10:2021 Server-Side Request Forgery (SSRF) | 0 | 0 | 13 | 0 | 0 | 0 | 0 | 14 | 0 |