
Limitations

What we don't detect — and why honesty matters

Coverage estimate: ~70%

We estimate that we catch roughly 70% of the common issue categories described by the OWASP Top 10. The figure comes from counting the categories our rules cover, not from measuring how many real defects we find in them, so it says nothing about detection accuracy within any one category.

What we don't detect

  • Business logic flaws

    Vulnerabilities that only exist against your specific business rules (a discount applied twice, a refund larger than the payment, a workflow step skipped). There is no syntactic pattern to match, so a rule-based scan cannot see them.

  • Authentication design issues

    Weak or inconsistent auth flows, session-management problems, and paths that let a user gain permissions they should not have.

  • Novel attack vectors

    Vulnerabilities or attack patterns for which we have no detection rule yet. A rule-based scanner can only find what it has been taught to look for.

  • Infrastructure security

    Server configuration, network exposure, and deployment-pipeline issues. We scan application code, not the environment it runs in.

  • Third-party integrations

    Security issues in how you call external APIs and services: how credentials are handled, how much trust is placed in their responses, what happens on their error paths.

False positives

Sometimes we flag code that isn't actually a problem. This is why we have the REVIEW verdict: it means something looks suspicious but may be intentional. Treat it as a prompt to look, not as a confirmed finding, and apply your own judgment.

False negatives

Sometimes we miss real issues. A CLEAR verdict means we found nothing in the categories we scan for; it does not mean your code is secure.
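The difference between a miss and a false positive, as an added illustration for the "what we don't detect" list and the REVIEW verdict above. This is not ShieldMyApp code and the regex rules are not its rules: a toy rule set stands in for a pattern-based scanner, a refund function carries a business-logic flaw (no ownership check, no upper bound) that the rules cannot see, and a query builder trips the SQL rule even though its input comes from an allowlist, which is the REVIEW case. All names and data are constructed.

```python
import inspect
import re
from dataclasses import dataclass

# Toy pattern rules standing in for a rule-based scanner. They are constructed
# for this example and are not ShieldMyApp's rules.
TOY_RULES = {
    "dangerous-eval": re.compile(r"\beval\s*\("),
    "sql-string-concat": re.compile(r"(?i)\b(select|insert|update|delete)\b.*(\+|%|\.format\()"),
    "hardcoded-secret": re.compile(r"(?i)\b(password|secret|api_key)\s*=\s*['\"][^'\"]+['\"]"),
}


def scan_source(source: str) -> list:
    """Return the ids of every rule whose pattern matches somewhere in source."""
    return [rule_id for rule_id, pattern in TOY_RULES.items() if pattern.search(source)]


@dataclass
class Order:
    order_id: str
    owner: str
    total_cents: int
    refunded_cents: int = 0


def refund_vulnerable(orders: dict, order_id: str, amount_cents: int, requester: str) -> int:
    """Business-logic flaw: no ownership check and no bound on the refund.

    Nothing here is a sink a pattern rule keys on (no dynamic code execution,
    no query building, no credential), so a pattern scanner sees clean code.
    The defect is purely semantic.
    """
    order = orders[order_id]
    order.refunded_cents += amount_cents
    return order.refunded_cents


def refund_hardened(orders: dict, order_id: str, amount_cents: int, requester: str) -> int:
    """The same operation with the business rules enforced."""
    order = orders.get(order_id)
    # "Not yours" and "does not exist" get the same error so the response does
    # not reveal which order ids exist.
    if order is None or order.owner != requester:
        raise PermissionError("order not found for this user")
    if amount_cents <= 0:
        raise ValueError("refund amount must be positive")
    if order.refunded_cents + amount_cents > order.total_cents:
        raise ValueError("refund exceeds amount paid")
    order.refunded_cents += amount_cents
    return order.refunded_cents


ALLOWED_TABLES = frozenset({"orders", "refunds"})


def count_rows_query(table: str) -> str:
    """Trips the toy SQL rule, yet the concatenated value comes from a fixed
    allowlist, so it is not injectable. This is the REVIEW situation."""
    if table not in ALLOWED_TABLES:
        raise ValueError("unknown table")
    return "SELECT COUNT(*) FROM " + table


def demo() -> dict:
    """Run the scan and the behaviour on constructed data and report both."""
    orders = {"o-1": Order("o-1", owner="alice", total_cents=5000)}
    # mallory refunds alice's order for more than alice ever paid, and the
    # pattern scan of the function that allowed it reports nothing.
    over_refund = refund_vulnerable(orders, "o-1", 9000, requester="mallory")
    vulnerable_scan = scan_source(inspect.getsource(refund_vulnerable))
    # The hardened version rejects the same abuse three different ways ...
    orders = {"o-1": Order("o-1", owner="alice", total_cents=5000)}
    attempts = (("o-1", 9000, "mallory"), ("o-1", 9000, "alice"), ("o-1", -100, "alice"))
    blocked = []
    for order_id, amount, requester in attempts:
        try:
            refund_hardened(orders, order_id, amount, requester)
        except (PermissionError, ValueError) as exc:
            blocked.append(type(exc).__name__)
    # ... and still serves the legitimate owner.
    legit = refund_hardened(orders, "o-1", 2000, requester="alice")
    # The safe query builder is the one the scan flags.
    review_scan = scan_source(inspect.getsource(count_rows_query))
    return {
        "vulnerable_scan": vulnerable_scan,
        "over_refund": over_refund,
        "blocked": blocked,
        "legit": legit,
        "review_scan": review_scan,
    }


if __name__ == "__main__":
    print(demo())
```

Run it as a file (inspect.getsource needs the code on disk). The scan of `refund_vulnerable` returns no findings while the function hands a stranger a 9000-cent refund on a 5000-cent order; the scan of `count_rows_query` returns a finding even though the table name is allowlisted. That asymmetry is exactly why a CLEAR verdict is not a security guarantee and a REVIEW verdict is a request for a human look.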

Why we're honest about this

Security tools that claim to catch everything are lying. We'd rather be honest about our limitations than give you false confidence. The final deploy decision is always yours.