See how XploitScan maps to SOC2, ISO 27001, OWASP Top 10, and CWE controls
SOC 2 (Service Organization Control 2)
A US-based audit framework that evaluates how well a company protects customer data. Created by the AICPA, it covers security, availability, and confidentiality.
Why it matters: Many B2B customers and enterprise buyers require SOC2 reports before signing contracts. Showing SOC2 compliance coverage signals that your app handles data responsibly.
11/11 controls covered100% coverage
ISO/IEC 27001
An international standard for information security management. It defines a systematic approach to managing sensitive company and customer information.
Why it matters: Required or preferred by organizations worldwide, especially in Europe and government contracts. ISO 27001 certification demonstrates a mature security program.
13/13 controls covered100% coverage
OWASP Top 10 (2021)
A widely recognized list of the 10 most critical web application security risks, published by the Open Web Application Security Project.
Why it matters: The industry standard for web app security. Addressing OWASP Top 10 risks is the baseline expectation for any web application — auditors and security teams check this first.
10/10 controls covered100% coverage
CWE (Common Weakness Enumeration)
A community-developed catalog of software and hardware weakness types. Each CWE ID represents a specific type of vulnerability (e.g., CWE-89 is SQL Injection).
Why it matters: CWE IDs are the universal language for describing security weaknesses. They help developers, tools, and security teams communicate precisely about what type of issue was found.
86/86 controls covered100% coverage
Control
Description
Rules
Status
Control
Description
Rules
Status
Control
Description
Rules
Status
Control
Description
Rules
Status
Covered (3+ rules)
Partial (1-2 rules)
Not Covered
Compliance Coverage — SOC 2, ISO 27001, OWASP Top 10 & CWE Mapping | XploitScan