From the course: Building an Application Security Program
Interactive application security testing (IAST)
- [Instructor] Now let's talk about one of the newer types of security testing, interactive application security testing. Once again, OWASP has one of my favorite definitions of IAST, an application security testing method that tests the application while the app is run by an automated test, human tester, or any activity interacting with the application functionality. The keyword here is interacting, which is where it gets its name. IAST scans the code for vulnerabilities while the website is running, not in the code, and not hacking like DAST. While the application is running through either an automated test or manual test, the IAST tool is scanning. IAST hooks into the runtime of the application. It automatically does security checking of the code while the code is being interpreted at runtime. It's similar to application performance monitoring tools. If you're familiar with APM tools that have been out there for…
Contents
- Understanding AppSec testing (5m 46s)
- Threat modeling (5m 20s)
- Static application security testing (SAST) (3m 14s)
- Dynamic application security testing (DAST) (2m 55s)
- Interactive application security testing (IAST) (2m 29s)
- Static code analysis (SCA) (3m 6s)
- Verification testing (2m 10s)
- Pentesting (2m 50s)
- Red/Blue/Purple testing (3m 32s)
- Monitoring AppSec in production (3m 42s)
- RASP vs. WAF (6m 32s)