OWASP Coverage: Top 10, API, LLM, Agentic | Swarm
SWARMv1.0.0
OWASP Coverage|Sign in
40×4
OWASP ITEMS  /  OWASP STANDARDSReceipts each.

All ten.Times four.

One page, four OWASP standards, every category named. Web Top 10. API Security Top 10. LLM Top 10. Agentic Applications Top 10. 36 of 40 items at full coverage; 3 partial; 1 explicitly out of scope. Every claim cites the specialist that owns the vector.

Full36Primary specialist domain. Verified PoC for Critical and High.
Partial3Tested as side-effect or with limited depth. Findings appear in the report.
Out of scope1Explicitly excluded. We say what we don’t test, and why.
SWARMSEC.AI · OWASP COVERAGEWEB · API · LLM · AGENTIC

At a glance

Forty items. Three states. One scan.

  1. 01

    OWASP · 2021

    Top 10 for Web Apps

    9/10Full
  2. 02

    OWASP · 2023

    API Security Top 10

    9/10Full
  3. 03

    OWASP · 2025

    Top 10 for LLM Apps

    9/10Full
  4. 04

    OWASP · 2026

    Top 10 for Agentic Apps

    9/10Full
Full coverage — primary specialist domain, verified PoCPartial — tested as a side-effect or with limited depthOut of scope — explicitly excluded; we say what we don't test
01

OWASP · 2021

Top 10 for Web Apps

The classics. SaaS pen tests are still 70% these.

9/10Full coverage
  1. 01
    A01Broken Access ControlIDOR, privilege escalation, cross-tenant leaks
    Full
  2. 02
    A02Cryptographic FailuresJWT misuse, leaked secrets, weak ciphers
    Full
  3. 03
    A03InjectionSQLi, command, NoSQL, template, header
    Full
  4. 04
    A04Insecure DesignLogic flaws, business-flow abuse, chain analysis
    Full
  5. 05
    A05Security MisconfigurationCORS, headers, exposed admin, defaults
    Full
  6. 06
    A06Vulnerable ComponentsDaily CISA KEV ingest · slopsquatting heuristic
    Full
  7. 07
    A07Authentication FailuresClerk, Auth0, Okta, Stytch, Cognito, Firebase, Supabase, custom
    Full
  8. 08
    A08Data Integrity FailuresWebhook signature replay, deserialization
    Full
  9. 09
    A09Logging & MonitoringSurfaced as side-effect; not a primary domain
    Partial
  10. 10
    A10Server-Side Request ForgeryInternal-IP probes, metadata-endpoint reachability
    Full
02

OWASP · 2023

API Security Top 10

The boundary every modern SaaS lives or dies on.

9/10Full coverage
  1. 01
    API1Broken Object-Level Auth (BOLA)Every ID parameter tested cross-account
    Full
  2. 02
    API2Broken AuthenticationJWT, session, refresh, OAuth flows
    Full
  3. 03
    API3Object Property-Level AuthField-level leakage, mass assignment
    Full
  4. 04
    API4Resource ConsumptionRate-limit probing, expensive queries
    Full
  5. 05
    API5Function-Level Auth (BFLA)Admin endpoint exposure, role-bypass
    Full
  6. 06
    API6Sensitive Business Flow AbuseWebhook replay, payment-bypass, refund-loop
    Full
  7. 07
    API7Server-Side Request ForgerySame coverage as A10
    Full
  8. 08
    API8Security MisconfigurationCORS, default routes, error verbosity
    Full
  9. 09
    API9Improper InventoryShadow / deprecated endpoints, version-leak
    Partial
  10. 10
    API10Unsafe API ConsumptionOutbound webhook target, third-party trust
    Full
03

OWASP · 2025

Top 10 for LLM Apps

Where most automated scanners draw a blank.

9/10Full coverage
  1. 01
    LLM01Prompt InjectionDirect, indirect, tool-mediated, browser-mediated
    Full
  2. 02
    LLM02Sensitive Info DisclosureMemory leakage, key exfil via proxy
    Full
  3. 03
    LLM03Supply ChainSlopsquatting · model artifacts · weight integrity
    Full
  4. 04
    LLM04Data & Model PoisoningVector-store poisoning · RAG-ingest paths
    Full
  5. 05
    LLM05Improper Output HandlingCVE-2025-32711 EchoLeak class · output→XSS/SQLi
    Full
  6. 06
    LLM06Excessive AgencyTool-allowlist gaps, hosted-MCP scope
    Full
  7. 07
    LLM07System Prompt LeakagePersona extraction via tool calls
    Full
  8. 08
    LLM08Vector / Embedding WeaknessVector-DB auth, embedding-collision
    Full
  9. 09
    LLM09MisinformationOut of scope: content quality, not security
    Out of scope
  10. 10
    LLM10Unbounded ConsumptionToken-flood, cost-exhaustion
    Full
04

OWASP · 2026

Top 10 for Agentic Apps

The category most products haven't even noticed yet.

9/10Full coverage
  1. 01
    ASI01Agent Goal HijackHidden-prompt redirection, indirect injection
    Full
  2. 02
    ASI02Tool Misuse & ExploitationUnsafe chaining, manipulated tool outputs
    Full
  3. 03
    ASI03Identity & Privilege AbuseDelegated trust, inherited creds, role chains
    Full
  4. 04
    ASI04Agentic Supply ChainCVE-2025-6514 mcp-remote · tool-desc rug-pull
    Full
  5. 05
    ASI05Unexpected Code ExecutionAgent-generated SQLi, output→exec paths
    Full
  6. 06
    ASI06Memory & Context PoisoningPersistent-memory, vector-store, RAG-ingest
    Full
  7. 07
    ASI07Inter-Agent CommunicationMulti-agent handoff, message integrity
    Full
  8. 08
    ASI08Cascading FailuresAgent-fleet error propagation
    Full
  9. 09
    ASI09Human–Agent Trust ExploitationOutput-rendering deception, browser-agent
    Full
  10. 10
    ASI10Rogue AgentsDrift detection, scope-bound enforcement
    Partial

Questions

What buyers ask. Receipts attached.

The questions every engineering and security lead asks before they fund an engagement. Read the answers here, before the kickoff call.

01Does Swarm cover the OWASP Top 10 (Web)?

Full coverage on 9 of 10 categories. A01 Broken Access Control, A02 Cryptographic Failures, A03 Injection, A04 Insecure Design, A05 Security Misconfiguration, A06 Vulnerable Components (CISA KEV ingest), A07 Authentication Failures (all major IDPs), A08 Data Integrity Failures, A10 SSRF are full. A09 Logging and Monitoring is partial (surfaced as side-effect, not a primary domain).

02Does Swarm cover the OWASP API Security Top 10?

Full coverage on 9 of 10 categories. BOLA (API1), Broken Authentication (API2), Object Property-Level Auth (API3), Resource Consumption (API4), BFLA (API5), Sensitive Business Flow Abuse (API6), SSRF (API7), Security Misconfiguration (API8), Unsafe API Consumption (API10) are full. Improper Inventory (API9) is partial: shadow and deprecated endpoints are tested but not exhaustively enumerated.

03Does Swarm cover the OWASP LLM Top 10?

Full coverage on 9 of 10 categories. LLM01 Prompt Injection (direct, indirect, tool-mediated, browser-mediated), LLM02 Sensitive Info Disclosure, LLM03 Supply Chain (slopsquatting, model artifacts), LLM04 Data and Model Poisoning (vector-store, RAG-ingest), LLM05 Improper Output Handling (CVE-2025-32711 EchoLeak class), LLM06 Excessive Agency, LLM07 System Prompt Leakage, LLM08 Vector and Embedding Weakness, LLM10 Unbounded Consumption are full. LLM09 Misinformation is explicitly out of scope: content quality, not security.

04Does Swarm cover the OWASP Top 10 for Agentic Applications?

Full coverage on 9 of 10 categories. ASI01 Agent Goal Hijack, ASI02 Tool Misuse and Exploitation, ASI03 Identity and Privilege Abuse, ASI04 Agentic Supply Chain (includes CVE-2025-6514 mcp-remote OAuth RCE), ASI05 Unexpected Code Execution, ASI06 Memory and Context Poisoning, ASI07 Inter-Agent Communication, ASI08 Cascading Failures, ASI09 Human-Agent Trust Exploitation are full. ASI10 Rogue Agents is partial: drift detection and scope-bound enforcement are tested but the full rogue-agent taxonomy is still being mapped.

05Does Swarm test for SSRF?

Yes. SSRF (A10 in OWASP Top 10 Web, API7 in OWASP API Top 10) is fully covered. Specialists probe internal-IP endpoints, cloud metadata endpoints (AWS, GCP, Azure), and any URL parameter that could be redirected to internal infrastructure.

06Does Swarm test for prompt injection?

Yes. Prompt injection (OWASP LLM01) is one of Swarm's core LLM specialisms. Direct injection (user message), indirect injection (retrieved content), tool-mediated injection (tool output treated as instruction), and browser-mediated injection (page content the agent navigates to) are all tested by dedicated specialists.

07What does "partial" coverage mean?

Partial means the attack class is tested as a side-effect of the engagement or with limited depth, but it is not a primary specialist domain. For example, A09 Logging and Monitoring gaps are surfaced when a specialist observes missing access logging during another test, but Swarm does not run a dedicated logging-audit phase. Partial findings still appear in the report with remediation guidance.

Read the receipts.
ENTER YOUR DOMAIN. SWARM MAPS YOUR ATTACK SURFACE IN JUST A FEW MINUTES.No card. Free preview.