Interactive application security testing

Interactive application security testing (abbreviated as IAST)[1] is a security testing method that detects software vulnerabilities by interaction with the program coupled with observation and sensors.[2][3] The tool was launched by several application security companies. [4] It is distinct from static application security testing, which does not interact with the program, and dynamic application security testing, which considers the program as a black box. It may be considered a mix of both.[5]


  1. ^ Mike Chapple; James Michael Stewart; Darril Gibson (2021). (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide. John Wiley & Sons. ISBN 978-1-119-78624-5.
  2. ^ "OWASP DevSecOps Guideline - v-0.2 | OWASP Foundation".
  3. ^ "What is IAST: Interactive Application Security Testing".
  4. ^ Tanya Janca (2020). Alice and Bob Learn Application Security. John Wiley & Sons. pp. 140–. ISBN 978-1-119-68735-1.
  5. ^ Aaron Walker (August 14, 2019). "SAST vs. DAST: Application Security Testing Explained". Archived from the original on 2022-07-20.