Abstract:
In today’s digital landscape, an online presence is essential but exposes businesses to
cyber threats. Despite Open Web Application Security Project (OWASP) and Common Weakness Enumeration (CWE) guidelines, web application vulnerabilities persist.
This research evaluates four Static Application Security Testing (SAST) tools (Yasca,
Snyk, Progpilot, SonarQube) and five Dynamic Application Security Testing (DAST)
tools (BurpSuite, OWASP Zap, Vega, Wapiti, IronWASP) against OWASP Top 10 and
CWE Top 25 standards by assessing seventy-five open-source web apps. OWASP Zap
is the most effective for OWASP Top 10 vulnerabilities, while Yasca and Snyk excel at
CWE Top 25. Yasca, IronWASP, and Vega are best for high, medium, and low vulnerabilities, respectively. This study helps organizations choose suitable tools to improve
web application security.