SAST tools are not designed for API-centric applications and, as a result, they do not work well.

API Security Testing is Not the Same as Web Application Security Testing

Web application security testing (WAST) has been around since the early 2000s, when OWASP released its first Top 10 list of web application vulnerabilities. Since then, WAST has evolved to include many more types of tests, such as Cross-Site Scripting (XSS) and SQL Injection (SQLi), which have become standard practice in any AppSec program.
