. 2025 Apr 30;11:e2821. doi: 10.7717/peerj-cs.2821

Table 6. RQ1: recommended approach.

| Approach | OWASP Top 10:2021 | CWE Top 25:2023 |
|---|---|---|
| Only DAST | A01:2021 Broken Access Control | CWE-119: Buffer Overflow |
| | A04:2021 Insecure Design | CWE-352: Cross-Site Request Forgery (CSRF) |
| | A06:2021 Vulnerable and Outdated Components | CWE-862: Missing Authorization |
| | A08:2021 Software and Data Integrity Failures | |
| Only SAST | A02:2021 Cryptographic Failure | CWE-287: Improper Authentication |
| | A07:2021 Identification and Authentication Failures | CWE-798: Use of Hard-coded Credentials |
| | A10:2021 Server-Side Request Forgery (SSRF) | CWE-306: Missing Authentication for Critical Function |
| Both | A03:2021 Injection | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
| | A05:2021 Security Misconfiguration | CWE-89: SQL Injection |
| | | CWE-22: Path Traversal |