From the course: Application Security in DevSecOps
Interactive application security testing
- [Instructor] The next type of testing we will talk about is Interactive Application Security Testing, known as IAST. It's becoming very popular and it really epitomizes the word continuous. IAST is the newest player on the application security scene. It's been around for a few years now and has really grown in support by the security community and in its maturity of language support. It works the same way that modern performance monitoring tools do, by hooking into the compiler or the interpreter of the language. For example, in Java, IAST hooks into the JVM or the JAR file in a runtime option hook. With this method, the IAST tool can watch the data as it passes all the way through the application and look for defects in real time, instead of looking at the code and guessing where the data ends up. With IAST, there isn't a scan, per se. Since it's runtime-based, the testing occurs while the app is being used.…
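The runtime data-watching idea described in the transcript, as an added example that is not part of the course material: a toy Python "agent" marks data at an input entry point and checks it when it reaches a SQL sink, so a finding is raised during ordinary use with benign input. `Tainted`, `source`, `MonitoredConnection` and the small app are hypothetical names built for this illustration; a real IAST agent instruments the runtime itself rather than subclassing.

```python
import functools
import sqlite3

class Tainted(str):
    """A string that came from untrusted input; the mark survives concatenation."""
    def __add__(self, other):
        return Tainted(str.__add__(self, other))
    def __radd__(self, other):
        return Tainted(str.__add__(other, self))

def source(func):
    """Agent hook on an input entry point: mark what it returns as tainted."""
    @functools.wraps(func)
    def wrapper(*args, **kwargs):
        return Tainted(func(*args, **kwargs))
    return wrapper

class MonitoredConnection(sqlite3.Connection):
    """Agent hook on a sink: inspect the SQL text as it reaches the driver."""
    findings = []
    def execute(self, sql, params=()):
        if isinstance(sql, Tainted):  # untrusted data became part of the statement
            MonitoredConnection.findings.append(("untrusted data in SQL text", str(sql)))
        return super().execute(str(sql), params)

# --- application under test (constructed for this example) ---
@source
def get_param(request, name):
    return request[name]

def find_user_concat(conn, name):   # builds the statement by concatenation
    return conn.execute("SELECT id FROM users WHERE name = '" + name + "'").fetchall()

def find_user_bound(conn, name):    # passes the value as a bound parameter
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

def exercise_app():
    """Drive the app with an ordinary request and return what the agent saw."""
    MonitoredConnection.findings.clear()
    conn = sqlite3.connect(":memory:", factory=MonitoredConnection)
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice')")
    name = get_param({"user": "alice"}, "user")  # benign, constructed input
    rows = find_user_concat(conn, name), find_user_bound(conn, name)
    conn.close()
    return rows, list(MonitoredConnection.findings)

if __name__ == "__main__":
    print(exercise_app())
```

Both lookups return the same row, but only the concatenating one produces a finding, because the agent observes where the input ends up rather than inferring it from the source code.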