'''Interactive application security testing''' ('''IAST''') is a [[security testing]] method that detects software vulnerabilities by interacting with the program while observing it with sensors.<ref>{{cite web | url=https://owasp.org/www-project-devsecops-guideline/latest/02c-Interactive-Application-Security-Testing | title=OWASP DevSecOps Guideline - v-0.2 | publisher=OWASP Foundation | website=Owasp.org}}</ref><ref>{{cite web | url=https://www.softwaretestinghelp.com/what-is-iast/ | title=What is IAST: Interactive Application Security Testing | website=www.softwaretestinghelp.com}}</ref> It is distinct from [[static application security testing]], which does not interact with the program, and from [[dynamic application security testing]], which treats the program as a [[black box]]. It may be considered a mix of both.<ref>{{cite web | title=SAST vs. DAST: Application Security Testing Explained | website=www.g2.com | date=August 14, 2019 | url=https://www.g2.com/articles/sast-vs-dast | archive-url=https://web.archive.org/web/20220720103658/https://www.g2.com/articles/sast-vs-dast | archive-date=2022-07-20 | url-status=live | author=Aaron Walker}}</ref>