Tier 2 - Recommedened Tools

Stay organized with collections Save and categorize content based on your preferences.
Scanning Tool Web Mobile Local API Extension Serverless Instructions
OWASP® Zed Attack Proxy (ZAP)

Use the OWASP ZAP ; ZAP Docker container to perform automated dynamic scans (DAST) against your application.  Predefined configuration files already have all of the necessary CWEs included. All you need to do is add it to your environment and Docker run command. Start Here

FluidAttacks Free & Open Source CLI

Leverage FluidAttacks open source CLI to perform automated static (SAST) scans against your application. A Docker image has been created to include all necessary CWEs. Simply spin up the container and run the scan command within it.  Start Here

Custom DAST / SAST Tools

You can use any CWE-compatible app scanning tool(s) that meet the CASA custom scan requirements. A list of commercial and open source options (not comprehensive) are provided below as example CWE compatible tools

Start Here