How to run an interactive application security test (IAST): Tips & tools

There are several popular approaches to testing and securing websites, including: 

Dynamic application security test (DAST) Interactive application security test (IAST) Static application security test (SAST) Software composition analysis (SCA)

In this article, we will focus on the IAST aspect of securing web applications.

Interactive application security test 

Interactive application security test  (IAST) is a relative newcomer in the application security testing market and combines some elements of both SAST and DAST. 

IAST involves analyzing and detecting vulnerabilities while the application is running. IAST identifies the vulnerable line of code and informs developers of proper measures so the issue can be remediated promptly. IAST looks at the code itself in a post-build stage through the instrumentation of the code. Thus, IAST combines some elements of both SAST and DAST and it was designed to overcome the limitations of both SAST and DAST.

IAST being highly scalable makes it easy to integrate into the continuous integration and continuous deployment (CI/CD) pipeline and can be automated or looked upon by a human tester. 

How does IAST work

A typical IAST makes use of sensors and agents in the application post-build stage. The agent identifies the application’s functionality and analyzes

Read More: