Interactive application security testing

Interactive application security testing (abbreviated as IAST)^[1] is a security testing method that detects software vulnerabilities by interaction with the program coupled with observation and sensors.^[2]^[3] The tool was launched by several application security companies.^[4] It is distinct from static application security testing, which does not interact with the program, and dynamic application security testing, which considers the program as a black box. It may be considered a mix of both.^[5]

^ Mike Chapple; James Michael Stewart; Darril Gibson (2021). (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide. John Wiley & Sons. ISBN 978-1-119-78624-5.
^ "OWASP DevSecOps Guideline - v-0.2 | OWASP Foundation". Owasp.org.
^ "What is IAST: Interactive Application Security Testing". www.softwaretestinghelp.com.
^ Tanya Janca (2020). Alice and Bob Learn Application Security. John Wiley & Sons. pp. 140–. ISBN 978-1-119-68735-1.
^ Aaron Walker (August 14, 2019). "SAST vs. DAST: Application Security Testing Explained". www.g2.com. Archived from the original on 2022-07-20.

[1] Mike Chapple; James Michael Stewart; Darril Gibson (2021). (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide. John Wiley & Sons. ISBN 978-1-119-78624-5.

[2] "OWASP DevSecOps Guideline - v-0.2 | OWASP Foundation". Owasp.org.

[3] "What is IAST: Interactive Application Security Testing". www.softwaretestinghelp.com.

[Janca2020-4] Tanya Janca (2020). Alice and Bob Learn Application Security. John Wiley & Sons. pp. 140–. ISBN 978-1-119-68735-1.

[5] Aaron Walker (August 14, 2019). "SAST vs. DAST: Application Security Testing Explained". www.g2.com. Archived from the original on 2022-07-20.

[1]

[2]

[3]

[4]

[5]