Monday, August 17, 2020
IAST - Interactive Application Security Testing
IAST, or Interactive Application Security Testing, can be seen as a third testing methodology that complements SAST and DAST. It works like an agent inside the running application that performs the security testing.
SAST performs code analysis while the application is not running, whereas DAST performs HTTP scanning while the application is running. IAST can perform code analysis, accompanied by automated or manual testing, to assess the application performance and detect vulnerabilities at run time. It can also assess control flow and data flow, and can be easily integrated into CI/CD pipelines.
According to the OWASP website, Contrast Community Edition is currently the only free IAST tool available.
Though Synopsys gives a very good article on IAST, the link on the page for the IAST solution happened to link to its SAST solution. :P