SAST tools are not designed for the unique data flow of APIs
SAST is too slow to be effective on API-centric applications
The second problem with SAST is that it's just too slow.
Description
The typical approach to a web application vulnerability assessment involves scanning the codebase, creating a model, and then running it against an automated scanner such as Burp Suite or ZAP. Because of the complexity of modern applications, this process typically takes in excess of 30 minutes per scan. For example, if you have 100 services in your portfolio and each service has 10 endpoints (a conservative estimate), then you would need to run 1,000 scans.
https://t.co/VwuK8Zo7sy