Interactive application security testing: Difference between revisions

'''Interactive application security testing''' (abbreviated as '''IAST''')<ref>{{cite book | author1 = Mike Chapple | author2 = James Michael Stewart | author3 = Darril Gibson | date = 2021 | title = (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide | publisher = John Wiley & Sons | pages = | isbn = 978-1-119-78624-5 | url = https://books.google.com/books?id=kSw0EAAAQBAJ&pg=PT1019}}</ref> is a [[security testing]] method that detects software vulnerabilities by interaction with the program coupled with observation and sensors.<ref>{{cite web | url=https://owasp.org/www-project-devsecops-guideline/latest/02c-Interactive-Application-Security-Testing | title=OWASP DevSecOps Guideline - v-0.2 &#124; OWASP Foundation | website=Owasp.org}}</ref><ref>{{cite web | url=https://www.softwaretestinghelp.com/what-is-iast/ | title=What is IAST: Interactive Application Security Testing | website=www.softwaretestinghelp.com}}</ref> The tool was launched by several application security companies. <ref name="Janca2020">{{cite book | author = Tanya Janca | date = 2020 | title = Alice and Bob Learn Application Security | publisher = John Wiley & Sons | pages = 140– | isbn = 978-1-119-68735-1 | url = https://books.google.com/books?id=6AoBEAAAQBAJ&pg=PA140}}</ref> It is distinct from [[static application security testing]], which does not interact with the program, and [[dynamic application security testing]], which considers the program as a [[black box]]. It may be considered a mix of both.<ref>{{cite web | title=SAST vs. DAST: Application Security Testing Explained | website=www.g2.com | date=August 14, 2019 | url=https://www.g2.com/articles/sast-vs-dast | archive-url=https://web.archive.org/web/20220720103658/https://www.g2.com/articles/sast-vs-dast | archive-date=2022-07-20 | url-status=live | author=Aaron Walker}}</ref>