IAST – Interactive Application Security Testing
Identifies security vulnerabilities in application code while it’s running.
- Integrates agents, sensors, and libraries into the application.
- It has access to the entire code, dataflow, configurations, web components, and connections.
- Can be automated or manually conducted by a human tester.
- It highlights the blocks of code where a vulnerability is found.
- This test combats the trend of attacks targeting the application layer.
- Types of vulnerabilities identified: hardcoded API keys, lack of sanitization, and connections without SSL.
- IAST tests an application during execution; SAST tests an application that is not executing.
- Complements other testing methods such as SAST and DAST.
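
To make the agent/sensor idea above concrete, here is an added example (not from the original notes or from any IAST product): a source sensor records untrusted input and a sink sensor wraps the database call, reporting the application function and line where that input reaches SQL text. The names `source_sensor`, `SensorConnection`, `find_user_unsafe` and `find_user_safe` are hypothetical, and simple value matching stands in for the dataflow tracking a real agent performs.

```python
import sqlite3
import traceback

TAINTED = set()   # values observed at a source sensor (untrusted input)
FINDINGS = []     # reports produced by the sink sensor

def source_sensor(value):
    """Source sensor: remember a value that entered from outside the app."""
    TAINTED.add(value)
    return value

class SensorConnection(sqlite3.Connection):
    """Sink sensor: inspects the SQL text of every statement before it runs."""
    def execute(self, sql, params=()):
        for value in TAINTED:
            if value and value in sql:  # untrusted data was built into the SQL text
                caller = traceback.extract_stack(limit=2)[0]  # frame that called execute()
                FINDINGS.append({"function": caller.name,
                                 "line": caller.lineno,
                                 "input": value})
        return super().execute(sql, params)

# --- application code under test (constructed for this example) ---
def find_user_unsafe(db, name):
    # Lack of sanitization: input concatenated into the query text.
    return db.execute("SELECT id FROM users WHERE name = '" + name + "'").fetchall()

def find_user_safe(db, name):
    # Parameterized query: input never becomes part of the SQL text.
    return db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

def run_demo():
    TAINTED.clear()
    FINDINGS.clear()
    db = sqlite3.connect(":memory:", factory=SensorConnection)
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'alice')")
    name = source_sensor("alice")  # constructed, benign request parameter
    find_user_safe(db, name)       # no finding
    find_user_unsafe(db, name)     # finding: reported with function and line
    return list(FINDINGS)

if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

Because the sensor observes the running code, an ordinary request is enough to flag the unsafe function and point at its location; no malicious input is needed.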