OWASP® Zed Attack Proxy (ZAP)
Use the OWASP ZAP Docker container to perform automated dynamic
scans (DAST) against your application. Predefined
configuration files already have all of the necessary CWEs included.
All you need to do is add them to your environment and Docker run
command.
FluidAttacks Free & Open Source CLI
Leverage the FluidAttacks open source CLI to perform automated
static (SAST) scans against your application. A Docker image has
been created to include all necessary CWEs. Simply spin up the
container and run the scan command within it.
Custom DAST / SAST Tools
You can use any CWE-compatible app scanning tool(s) that meet the CASA custom scan requirements. A list of commercial and open source options (not comprehensive) is provided below as examples of CWE-compatible tools.