Dynamic Code Analysis (IAST)

IAST (Interactive Application Security Testing) is a relatively new security tool category that analyzes code dynamically for potential security problems while it executes within an application server or Web container such as Tomcat or IBM WebLogic. IAST thereby combines SAST (static code security scanning) and DAST (dynamic Web site security scanning) capabilities in one solution.

Unlike other tool categories, some IAST solutions scan completely passively and do not require an additional security test such as a pentest. Instead, all you need to do is run business and technical smoke tests against a Web application that has been instrumented with an IAST agent.
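
To illustrate passive scanning, here is an added Node.js sketch (not part of the original page and not any vendor's agent) in which a toy agent hooks a request source and a database sink and reports a finding while a benign smoke test runs. All names are hypothetical, and the substring match is a simplified stand-in for real taint tracking.

```javascript
// Toy passive IAST agent (added illustration; every name here is hypothetical).
const findings = [];
const tainted = new Set(); // request-derived values observed at runtime

// Source hook: record each request parameter value as untrusted data.
function instrumentSource(handler) {
  return function (req) {
    for (const v of Object.values(req.params)) {
      // Skip very short values to limit accidental substring matches.
      if (typeof v === 'string' && v.length >= 3) tainted.add(v);
    }
    return handler(req);
  };
}

// Sink hook: wrap the driver's query method and inspect the final SQL text.
function instrumentSink(db) {
  const original = db.query.bind(db);
  db.query = function (sql, args = []) {
    for (const v of tainted) {
      // Untrusted data inside the SQL string itself means it was concatenated.
      if (sql.includes(v)) {
        const frame = (new Error().stack.split('\n')[2] || '').trim();
        findings.push({ type: 'SQL Injection', value: v, sql, frame });
      }
    }
    return original(sql, args); // passive: the call proceeds unchanged
  };
  return db;
}

// Constructed application under test: a stub driver and two handlers.
const db = instrumentSink({ query: (sql, args) => ({ sql, args }) });
const routes = {
  vulnerable: instrumentSource((req) =>
    db.query("SELECT * FROM users WHERE name = '" + req.params.name + "'")),
  safe: instrumentSource((req) =>
    db.query('SELECT * FROM users WHERE name = ?', [req.params.name])),
};

// Ordinary functional smoke test with benign input only.
function runSmokeTests() {
  findings.length = 0;
  tainted.clear();
  routes.vulnerable({ params: { name: 'alice' } });
  routes.safe({ params: { name: 'alice' } });
  return findings;
}

console.log(runSmokeTests());
```

Only the concatenating handler is reported; the parameterized one keeps the value out of the SQL text, so the sink hook sees nothing to flag.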

You can find an overview of the different IAST tool categories in one of our recent blog posts.

Technical Details

  • Simple installation and usability
  • Very low false positive rate
  • Identifies common Web vulnerabilities (such as XSS or SQL Injection)
  • Assessments possible as part of business logic tests
  • Suitable for agile (security) testing
  • Available as both cloud and on-premise versions
  • Supports all Java, .NET and Node.js-based Web applications