Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

IAST is designed to address the shortcomings of SAST and DAST by combining elements of both approaches. IAST places an agent within an application and performs all its analysis in the app in real-time and anywhere in the development process ­­ IDE, continuous integrated environment, QA or even in production.

...

As new tools and technologies emerge, you need to educate yourself to see how you can keep your application secure.

IAST

Dynamic Reviewer IAST is an Agent-based solution. It shares the same Agent of Dynamic Reviewer APM. APM features can enabled and purchased separately.

Interactive Application Security Testing (IAST) is a solution that assesses applications from within using software instrumentation. This technique allows IAST to combine the strengths of both SAST and DAST methods as well as providing access to code, HTTP traffic, library information, backend connections and configuration information.

Consider IAST when speed and accuracy

...

are paramount, especially in DevSecOps initiatives.

Gartner Group

Dynamic Reviewer IAST is based 100% on software that is deployed within your applications. it means that there is no need for any additional hardware component. In addition, and thanks to the integrated approach within the application, there is no centralized entry point as WAF solutions require, so your network deployment model remains exactly the same.

...

That can be done directly importing results in Static Reviewer, or via Team Reviewer, OWASP Defect Dojo / ThreadFix transformers.  This allows users to better prioritize their remediation efforts and have a better way to overview the security posture of their projects.

...