From the course: Application Security in DevSecOps

Interactive application security scanning

- [Instructor] The next type of application security testing we'll explore is interactive application security testing, otherwise known as IAST. This emerging technique is gaining significant traction as it aligns perfectly with the continuous principles of DevSecOps. What is IAST? IAST represents the newest evolution in application security testing. Unlike static and dynamic scanning, which examine the code or running application from the outside, IAST works by instrumenting the application itself during runtime. IAST tools achieve this by integrating directly with the application's execution environment, for example, hooking into the Java Virtual Machine (JVM) for Java applications. This allows the IAST agent to observe the application's behavior and data flows in real time, identifying security vulnerabilities as they occur. The key benefits of this approach are continuous real-time monitoring during normal application usage, highly accurate vulnerability detection by observing…
