SAST tools are not designed for API-centric applications API security is a different ball game to web application security The OWASP Top 10 list of vulnerabilities for APIs includes:  Cross Site Request Forgery (CSRF) Broken Authentication and Session Management Insecure Direct Object References Sensitive Data Exposure Exposed Debug Information Security Misconfiguration Unvalidated Redirects and Forwards Using Components with Known Vulnerabilities Insufficient Transport Layer Protection.

These are all very similar to the OWASP Top 10 list of vulnerabilities for web applications, but there are some notable differences

Back to Main