Table 7. RQ2: recommended tool.
| Tool | OWASP Top 10:2021 | CWE Top 25:2023 |
|---|---|---|
| Yasca | A03:2021 Injection | CWE-79: Improper Neutralization of Input During |
| A07:2021 Identification and Authentication Failures | Web Page Generation (‘Cross-site Scripting’) | |
| CWE-798: Use of Hard-coded Credentials | ||
| Progpilot | – | CWE-89: SQL Injection |
| Snyk | – | CWE-862: Missing Authorization |
| SonarQube | – | |
| OWASP ZAP | A01:2021 Broken Access Control | – |
| A04:2021 Insecure Design | ||
| A05:2021 Security Misconfiguration | ||
| Wapiti | – | |
| Vega | – | CWE-22: Path Traversal |
| Iron WASP | – | CWE-434: Unrestricted File Upload |
| Burp suite | A06:2021 Vulnerable and Outdated Components |