OWASP Top 10 Coverage

Coverage matrix

| # | OWASP Top 10 (2021) | Tools |
|---|---|---|
| A01 | Broken Access Control | ZAP, Nuclei, Shannon AI |
| A02 | Cryptographic Failures | TestSSL, ZAP, Nuclei |
| A03 | Injection | ZAP, Nuclei, Nikto, Semgrep |
| A04 | Insecure Design | Shannon AI, Semgrep |
| A05 | Security Misconfiguration | Nuclei, Nikto, Nmap, ZAP, FFUF |
| A06 | Vulnerable Components | Trivy, Nuclei |
| A07 | Authentication Failures | ZAP, Nuclei, Nikto |
| A08 | Software and Data Integrity | Trivy, Gitleaks, Semgrep |
| A09 | Security Logging Failures | Shannon AI |
| A10 | Server-Side Request Forgery | ZAP, Nuclei, Semgrep |

Notes

- Shannon AI provides coverage for design-level issues (A04, A09) through its threat modeling and STRIDE analysis capabilities
- White-box tools (Semgrep, Trivy, Gitleaks) significantly improve coverage for A03, A04, A06, A08, and A10
- All findings include the OWASP category when applicable