IAST – Interactive Application Security Testing

identifies security vulnerabilities in application code while it’s running.

• Integrates agents, sensors, and libraries into the application.
• It has access to the entire code, dataflow, configurations, web components, and connections.
• Can be automated or manually conducted by a human tester.
• It highlight the blocks of code where a vulnerability is found.
• This test combats the trend of attacks targeting the application layer.
• Types of vulnerabilities identified: hardcoded APII keys, lack of sanitization, and connections without SSL
• IAST tests an application during execution; SAST tests in a non-execution application.
• Complements other testing methods such as SAST and DAST.