What Is IAST? Interactive Application Security Testing
IAST (interactive application security testing) analyzes code for security vulnerabilities while the app is run by an automated test, human tester, or any activity “interacting” with the application functionality. This technology reports vulnerabilities in real time, which means it does not add any extra time to your CI/CD pipeline.
IAST works inside the application, which makes it different from both static analysis (SAST) and dynamic analysis (DAST). This type of testing also doesn’t test the entire application or codebase, but only whatever is exercised by the functional test.
IAST works best when deployed in a QA environment with automated functional tests running.
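The sketch below is an added illustration, not code from any IAST product: a toy in-process sensor wraps a SQL sink, marks request input as tainted, and records a finding the moment an ordinary functional test drives tainted data into query text. The names `Tainted`, `Agent`, the three routes and the sample data are all hypothetical.

```python
import sqlite3

class Tainted(str):
    """A string that came from a request; the mark survives '+' concatenation."""
    def __add__(self, other):
        return Tainted(str.__add__(self, other))
    def __radd__(self, other):
        return Tainted(str.__add__(other, self))

class Agent:
    """Toy sensor living inside the app: wraps the SQL sink, records findings live."""
    def __init__(self):
        self.findings = []
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
        self.conn.execute("INSERT INTO users VALUES ('alice', 'admin')")  # constructed data

    def execute(self, route, sql, params=()):
        if isinstance(sql, Tainted):  # request data ended up in the query text itself
            self.findings.append((route, "SQL built from request input"))
        # Hand plain strings to the driver; bound parameters never enter the SQL text.
        return self.conn.execute(str(sql), [str(p) for p in params]).fetchall()

# Application code under test (constructed sample with three routes).
def user_by_name(agent, name):       # flawed: concatenates input into SQL
    sql = "SELECT role FROM users WHERE name = '" + name + "'"
    return agent.execute("/user", sql)

def user_by_name_safe(agent, name):  # parameterized query
    return agent.execute("/user-safe", "SELECT role FROM users WHERE name = ?", (name,))

def users_by_role(agent, role):      # flawed too, but no functional test calls it
    sql = "SELECT name FROM users WHERE role = '" + role + "'"
    return agent.execute("/role", sql)

def run_functional_tests(agent):
    """Ordinary functional tests; they assert behaviour, not security."""
    assert user_by_name(agent, Tainted("alice")) == [("admin",)]
    assert user_by_name_safe(agent, Tainted("alice")) == [("admin",)]
    return [route for route, _ in agent.findings]

if __name__ == "__main__":
    agent = Agent()
    print(run_functional_tests(agent))        # only the exercised flawed route
    users_by_role(agent, Tainted("admin"))    # once exercised, it is reported too
    print([route for route, _ in agent.findings])
```

The flaw in `users_by_role` stays invisible until something calls it, which is why functional test coverage bounds what this style of testing can report.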
IAST advantages
- Speed of results: IAST reports findings in real time for the scope of the app being “exercised.”
- API testing: Many functional API tests are automated, making IAST a good fit for teams building in microservices, etc.
- Promotes re-use of existing test cases: IAST avoids the need to re-create scripts for security testing.
IAST is best used in conjunction with other testing technologies. Most organizations need both security assurance and developer-centric solutions. Security assurance solutions, including static analysis, dynamic analysis, and software composition analysis, provide security teams, executives, and application owners with comprehensive assessments that support risk-based decision-making. Developer-centric solutions, like Veracode Static Analysis IDE Scan, software composition analysis, and IAST, help developers find and fix security-related flaws early and often, helping them learn to code more securely and reduce the number of defects later in the development lifecycle.