Interactive application security testing

Interactive application security testing (abbreviated as IAST)¹ is a security testing method that detects software vulnerabilities by interaction with the program coupled with observation and sensors.²³ The tool was launched by several application security companies.⁴ It is distinct from static application security testing, which does not interact with the program, and dynamic application security testing, which considers the program as a black box. It may be considered a mix of both.⁵

References

Mike Chapple; James Michael Stewart; Darril Gibson (2021). (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide. John Wiley & Sons. ISBN 978-1-119-78624-5.
"OWASP DevSecOps Guideline - v-0.2 | OWASP Foundation". Owasp.org.
"What is IAST: Interactive Application Security Testing". www.softwaretestinghelp.com.
Tanya Janca (2020). Alice and Bob Learn Application Security. John Wiley & Sons. pp. 140–. ISBN 978-1-119-68735-1.
Aaron Walker (August 14, 2019). "SAST vs. DAST: Application Security Testing Explained". www.g2.com. Archived from the original on 2022-07-20.

[1] Mike Chapple; James Michael Stewart; Darril Gibson (2021). (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide. John Wiley & Sons. ISBN 978-1-119-78624-5.

[2] "OWASP DevSecOps Guideline - v-0.2 | OWASP Foundation". Owasp.org.

[3] "What is IAST: Interactive Application Security Testing". www.softwaretestinghelp.com.

[Janca2020-4] Tanya Janca (2020). Alice and Bob Learn Application Security. John Wiley & Sons. pp. 140–. ISBN 978-1-119-68735-1.

[5] Aaron Walker (August 14, 2019). "SAST vs. DAST: Application Security Testing Explained". www.g2.com. Archived from the original on 2022-07-20.

1

2

3

4

5