From the course: Application Security in DevSecOps


Interactive application security testing

- [Instructor] The next type of testing we will talk about is Interactive Application Security Testing, known as IAST. It's becoming very popular and it really epitomizes the word continuous. IAST is the newest player on the application security scene. It's been around for a few years now and has really grown in support by the security community and in its maturity of language support. It works the same way that modern performance monitoring tools do, by hooking into the compiler or the interpreter of the language. For example, in Java, IAST hooks into the JVM or the JAR file in a runtime option hook. With this method, the IAST tool can watch the data as it passes all the way through the application and look for defects in real time, instead of looking at the code and guessing where the data ends up. With IAST, there isn't a scan, per se. Since it's runtime-based, the testing occurs while the app is being used.…
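The runtime data tracking described above, reduced to an added Python sketch (not part of the course material and not any IAST product's code): a hook on an input source marks data as untrusted, a hook on a SQL sink checks whether that data reached the query text, and findings appear only because the app is exercised. The names `Tainted`, `source`, `sink` and the small app functions are hypothetical, and decorators stand in for the runtime-level hooks a real agent installs.

```python
import functools
import sqlite3

class Tainted(str):
    """A string that remembers it came from an untrusted source."""
    def __add__(self, other):
        return Tainted(str.__add__(self, other))
    def __radd__(self, other):
        return Tainted(str.__add__(other, self))

findings = []

def source(func):
    """Hook for an input source: mark whatever it returns as tainted."""
    @functools.wraps(func)
    def wrapper(*args, **kwargs):
        return Tainted(func(*args, **kwargs))
    return wrapper

def sink(func):
    """Hook for a SQL sink: record tainted query text, then run the call."""
    @functools.wraps(func)
    def wrapper(conn, sql, params=()):
        if isinstance(sql, Tainted):
            findings.append(f"{func.__name__}: untrusted input in SQL text: {str(sql)!r}")
        return func(conn, str(sql), params)
    return wrapper

# Constructed application code (hypothetical names), unaware of the hooks.
def get_param(request, name):
    return request[name]
def run_query(conn, sql, params=()):
    return conn.execute(sql, params).fetchall()
def find_user_concat(conn, request):   # builds SQL by concatenation
    return run_query(conn, "SELECT id FROM users WHERE name = '" + get_param(request, "name") + "'")
def find_user_bound(conn, request):    # passes the value as a bound parameter
    return run_query(conn, "SELECT id FROM users WHERE name = ?", (get_param(request, "name"),))

# Instrumentation step: rebind the source and the sink to their hooked versions.
get_param, run_query = source(get_param), sink(run_query)

def exercise():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice')")
    findings.clear()
    request = {"name": "alice"}  # constructed, benign request
    return find_user_concat(conn, request), find_user_bound(conn, request), list(findings)
```

Both lookups return the same row for ordinary input, yet only the concatenating one is reported, because the hook observed untrusted data inside the SQL text during normal use.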
