The results for mobile apps and websites are useful; however, I have not found the same for dynamic API scanning. Our APIs are web facing, and thus we need to make sure they are vulnerability free. We are using .NET, and do not have any web interfaces for our APIs.
We use static scans on all of our .dll, .pdb, and .exe files with informative results. Should we consider using AppScan Standard scans or templates to define the complex login procedure? Or, are APIs not intended to be dynamically scanned?