Interactive application security testing (IAST) is the newest method for security testing an application. In this video, learn how it can help secure your application using instrumentation.
- [Instructor] The next type of testing we will talk about is Interactive Application Security Testing, known as IAST. It's becoming very popular and it really epitomizes the word continuous. IAST is the newest player on the application security scene. It's been around for a few years now and has really grown in support by the security community and in its maturity of language support. It works the same way that modern performance monitoring tools do, by hooking into the compiler or the interpreter of the language. For example, in Java, IAST hooks into the JVM or the JAR file in a runtime option hook. With this method, the IAST tool can watch the data as it passes all the way through the application and look for defects in real time, instead of looking at the code and guessing where the data ends up. With IAST, there isn't a scan, per se. Since it's runtime-based, the testing occurs while the app is being used. Whether that's by unit test, manual test, …
- What is DevSecOps?
- How application security is different with DevSecOps
- Continuous static and dynamic testing
- Continuously scanning to prevent leaking secrets
- Continuous container security
- Pulling security tools together with the Glue tool
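
The runtime hooking described in the transcript above, as an added example that is not from the course or from any IAST product: an agent marks data at the source, hooks the SQL sink, and reports a defect while ordinary tests exercise the app. Python and sqlite3 stand in for the Java agent the instructor mentions; `Tainted`, `ConnProxy`, `install_agent`, `read_param` and the two `find_user_*` functions are hypothetical names, and the request is constructed sample input.

```python
import sqlite3

FINDINGS = []  # (rule, offending SQL) reported while the app is exercised

class Tainted(str):
    """Untrusted string; the mark survives + concatenation (not f-strings or %)."""
    def __add__(self, other):
        return Tainted(str.__add__(self, other))
    def __radd__(self, other):
        return Tainted(str.__add__(other, self))

class ConnProxy:
    """Wraps sqlite3.Connection so the agent sees every statement at the sink."""
    def __init__(self, conn):
        self._conn = conn
    def execute(self, sql, params=()):
        if isinstance(sql, Tainted):  # untrusted data reached the SQL text itself
            FINDINGS.append(("sql-injection", str(sql)))
        return self._conn.execute(sql, params)
    def __getattr__(self, name):      # everything else passes straight through
        return getattr(self._conn, name)

def install_agent():
    """Hook the sink at runtime; returns the original so it can be restored."""
    real_connect = sqlite3.connect
    sqlite3.connect = lambda *a, **kw: ConnProxy(real_connect(*a, **kw))
    return real_connect

def read_param(request, name):
    """Hypothetical source hook: request parameters enter the app marked tainted."""
    return Tainted(request[name])

def find_user_concat(conn, name):     # app code under test, builds SQL by concatenation
    return conn.execute("SELECT id FROM users WHERE name = '" + name + "'").fetchall()
def find_user_bound(conn, name):      # app code under test, binds the value instead
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

def run_demo():
    """Exercise both functions the way a unit test would and return the findings."""
    FINDINGS.clear()
    real_connect = install_agent()
    try:
        conn = sqlite3.connect(":memory:")
        conn.executescript("CREATE TABLE users (id INTEGER, name TEXT);"
                           "INSERT INTO users VALUES (1, 'alice');")
        name = read_param({"name": "alice"}, "name")  # constructed sample request
        rows = (find_user_concat(conn, name), find_user_bound(conn, name))
    finally:
        sqlite3.connect = real_connect  # unhook the agent
    return rows, list(FINDINGS)
```

Calling `run_demo()` returns the same rows from both functions but a finding only for the concatenated query, which is the difference between observing where data ends up and guessing from the code.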