Table A12. RQ4: findings for comparison of OWASP ZAP’s performance (number of web applications).
| OWASP Top 10:2021 category | Severity level | Khanum, Qadir & Jehan (2023) | This work |
|---|---|---|---|
| A01:2021 Broken Access Control | High | 57 | 64 |
| Medium | 33 | 60 | |
| Low | 58 | 73 | |
| A03:2021 Injection | High | 0 | 18 |
| Medium | 0 | 2 | |
| Low | 0 | 0 | |
| A04:2021 Insecure Design | High | 35 | 3 |
| Medium | 0 | 16 | |
| Low | 14 | 69 | |
| A05:2021 Security Misconfiguration | High | 63 | 74 |
| Medium | 46 | 75 | |
| Low | 54 | 73 | |
| A06:2021 Vulnerable & Outdated Component | High | 40 | 5 |
| Medium | 40 | 5 | |
| Low | 0 | 0 | |
| A08:2021 Software & Data Integrity Failures | High | 0 | 0 |
| Medium | 0 | 0 | |
| Low | 53 | 20 |