SAST tools are not designed for API-centric applications and, as a result, they do not work well.
Description

API Security Testing is Not the Same as Web Application Security Testing

Web application security testing (WAST) has been around since the early 2000s, when OWASP released its first Top 10 list of web application vulnerabilities. Since then, WAST has evolved to include many more types of tests such as Cross-Site Scripting (XSS), SQL Injection (SQLi), etc., which have become standard practice in any AppSec program.
https://t.co/uebsM2N5nO
