PhantomYerra detects and maps findings to all ten OWASP Top 10 (2021 edition) web application security risk categories, by CWE and finding class, and produces a one-click OWASP compliance report.

| ID | Category | Covered | What PhantomYerra detects |
|---|---|---|---|
| A01 | Broken Access Control | Yes | Missing/broken authz, IDOR, path traversal, CSRF, mass assignment |
| A02 | Cryptographic Failures | Yes | Weak ciphers/hashes, plaintext transport, hardcoded keys, weak RNG |
| A03 | Injection | Yes | SQL/command/LDAP/NoSQL/code injection, XSS, SSTI |
| A04 | Insecure Design | Yes | Dangerous defaults, missing validation patterns |
| A05 | Security Misconfiguration | Yes | Debug enabled, permissive CORS, insecure cookies, XXE |
| A06 | Vulnerable & Outdated Components | Yes | SCA + SBOM + advisory matching |
| A07 | Identification & Auth Failures | Yes | Broken auth, session fixation, JWT alg-none |
| A08 | Software & Data Integrity Failures | Yes | Insecure deserialization, gadget chains, supply chain |
| A09 | Logging & Monitoring Failures | Yes | Missing/over-verbose logging, log injection |
| A10 | Server-Side Request Forgery | Yes | SSRF sinks across languages |

Every PhantomYerra finding carries its CWE and the standard IDs it satisfies, so the one-click compliance report maps findings to the OWASP Top 10 automatically, alongside the EU Cyber Resilience Act and other standards.