Interactive application security testing

{{Short description|Security testing method}}

Interactive application security testing (abbreviated as IAST){{cite book | author1 = Mike Chapple | author2 = James Michael Stewart | author3 = Darril Gibson | date = 2021 | title = (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide | publisher = John Wiley & Sons | pages = | isbn = 978-1-119-78624-5 | url = https://books.google.com/books?id=kSw0EAAAQBAJ&pg=PT1019}} is a security testing method that detects software vulnerabilities by interacting with the program while observing it through sensors.{{cite web | url=https://owasp.org/www-project-devsecops-guideline/latest/02c-Interactive-Application-Security-Testing | title=OWASP DevSecOps Guideline - v-0.2 | OWASP Foundation | website=Owasp.org}}{{cite web | url=https://www.softwaretestinghelp.com/what-is-iast/ | title=What is IAST: Interactive Application Security Testing | website=www.softwaretestinghelp.com}} IAST tools were launched by several application security companies.{{cite book | author = Tanya Janca | date = 2020 | title = Alice and Bob Learn Application Security | publisher = John Wiley & Sons | pages = 140– | isbn = 978-1-119-68735-1 | url = https://books.google.com/books?id=6AoBEAAAQBAJ&pg=PA140}} It is distinct from static application security testing, which does not interact with the program, and dynamic application security testing, which considers the program as a black box. It may be considered a mix of both.{{cite web | title=SAST vs. DAST: Application Security Testing Explained | website=www.g2.com | date=August 14, 2019 | url=https://www.g2.com/articles/sast-vs-dast | archive-url=https://web.archive.org/web/20220720103658/https://www.g2.com/articles/sast-vs-dast | archive-date=2022-07-20 | url-status=live | author=Aaron Walker}}
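
The following is an added illustration, not taken from the cited sources or from any IAST product: a toy in-process sensor that watches a SQL sink while the application is exercised with ordinary test traffic. The names <code>Sensor</code>, <code>lookup_concat</code>, <code>lookup_bound</code> and <code>run_test_traffic</code> are hypothetical, the data is constructed, and matching input values against the query text is a simplified stand-in for taint tracking.

```python
import sqlite3

class Sensor:
    """Hypothetical in-process agent: records source values, checks them at the sink."""
    def __init__(self):
        self.inputs = set()   # values observed at the source (request parameters)
        self.findings = []    # (handler name, SQL text) for each flagged query

    def source(self, value):
        # Source hook: remember untrusted input as it enters the application.
        if len(value) >= 3:   # ignore very short values to limit accidental matches
            self.inputs.add(value)
        return value

    def execute(self, conn, handler, sql, params=()):
        # Sink hook: untrusted input inside the SQL text itself (not in the bound
        # parameters) means the query was built by string concatenation.
        if any(v in sql for v in self.inputs):
            self.findings.append((handler, sql))
        return conn.execute(sql, params).fetchall()

def lookup_concat(sensor, conn, name):
    # Builds the query by concatenation: the pattern the sensor reports.
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    return sensor.execute(conn, "lookup_concat", sql)

def lookup_bound(sensor, conn, name):
    # Parameterized query: the input never becomes part of the SQL text.
    sql = "SELECT id FROM users WHERE name = ?"
    return sensor.execute(conn, "lookup_bound", sql, (name,))

def run_test_traffic():
    # Constructed sample data and request; the input is an ordinary, benign value.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice')")
    sensor = Sensor()
    name = sensor.source("alice")
    rows = (lookup_concat(sensor, conn, name), lookup_bound(sensor, conn, name))
    return rows, sensor.findings

if __name__ == "__main__":
    print(run_test_traffic())
```

Both handlers return the same rows for this request, so the two are indistinguishable from outside the program; only the sensor at the sink reports <code>lookup_concat</code>.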

References

{{reflist}}

Category:Security testing

{{Computer-security-stub}}