IAST

IAST – Interactive Application Security Testing

IAST identifies security vulnerabilities in application code while it's running.

  • Integrates agents, sensors, and libraries into the application.
  • It has access to the entire code, dataflow, configurations, web components, and connections.
  • Can be automated or manually conducted by a human tester.
  • It highlights the blocks of code where a vulnerability is found.
  • This test combats the trend of attacks targeting the application layer.
  • Types of vulnerabilities identified: hardcoded API keys, lack of sanitization, and connections without SSL.
  • IAST tests an application during execution; SAST tests an application that is not executing.
  • Complements other testing methods such as SAST and DAST.
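
The sketch below is an added example, not code from this page or from any IAST product. It shows a sensor placed inside a running application that follows untrusted data to a SQL sink and reports the block of code where sanitization is missing. The names `Tainted`, `sensor`, `run_query`, `lookup_unsafe` and `lookup_safe` are hypothetical, and the taint marking is a simplification of what a real agent instruments automatically.

```python
import inspect
import sqlite3

class Tainted(str):
    """Marks data from an untrusted source; the mark survives concatenation."""
    def __add__(self, other):
        return Tainted(str.__add__(self, other))
    def __radd__(self, other):
        return Tainted(str.__add__(other, self))

FINDINGS = []  # reports collected by the sensor while the app runs

def sensor(sink_name):
    """Hypothetical sensor: wraps a sink and inspects its arguments at run time."""
    def wrap(func):
        def inner(conn, sql, params=()):
            if isinstance(sql, Tainted):  # untrusted data reached the query text
                caller = inspect.stack()[1]  # frame that called the sink
                code = (caller.code_context or ["<source unavailable>"])[0].strip()
                FINDINGS.append({"sink": sink_name, "function": caller.function,
                                 "line": caller.lineno, "code": code})
            return func(conn, sql, params)
        return inner
    return wrap

@sensor("sql.execute")
def run_query(conn, sql, params=()):
    return conn.execute(sql, params).fetchall()

def lookup_unsafe(conn, name):  # lack of sanitization: input concatenated into SQL
    return run_query(conn, "SELECT id FROM users WHERE name = '" + name + "'")

def lookup_safe(conn, name):  # input bound as a parameter, query text untainted
    return run_query(conn, "SELECT id FROM users WHERE name = ?", (name,))

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice')")
    FINDINGS.clear()
    request_param = Tainted("alice")  # constructed sample of a request parameter
    lookup_safe(conn, request_param)
    lookup_unsafe(conn, request_param)
    return list(FINDINGS)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The sensor reports `lookup_unsafe` during ordinary traffic with a benign value, because it observes the data flow itself rather than waiting for a malicious request.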
