SAST tools are not designed for API-centric applications
API security is a different ball game to web application security
The OWASP Top 10 list of vulnerabilities for APIs includes: Cross Site Request Forgery (CSRF), Broken Authentication and Session Management, Insecure Direct Object References, Sensitive Data Exposure, Exposed Debug Information, Security Misconfiguration, Unvalidated Redirects and Forwards, Using Components with Known Vulnerabilities, and Insufficient Transport Layer Protection.
Description
These are all very similar to the OWASP Top 10 list of vulnerabilities for web applications, but there are some notable differences.
https://t.co/FKRC0FUNpg
References