Our first myth is that security testing requires highly experienced penetration testers and automation testing can't find serious issues.

If we can guide the automation properly, serious security issues can be identified. On the other hand, automated security testing can also result in false-positive issues that need further manual verification. However, there are certain kinds of security testing scenarios that would be ideal for automation; some of those are listed here:

• Detecting the use of banned functions, risky APIs, or weak encryption algorithms. Automated systems can do a good job of scanning code for security issues if we properly define the patterns we are looking for.
• Weak RESTful API authentication and authorization behaviors, such as bypassing authorization vulnerabilities. 
• Data input validation may require massive amounts of random testing data input. This kinds of data input testing technique is also called fuzz testing which the prepared data and payload are dynamically generated for the test subject in an attempt to make it crash.
• Repeated UI walk-through, sign-in, sign-out, and form fill are good examples of where web UI automation is required.
• Insecure misconfiguration of software components, databases, or web services.
• Known third-party vulnerabilities.