IAST uses instrumentation to collect security information directly from running code instead of relying on static (SAST) or dynamic (DAST) analysis of code. This allows IAST to detect issues earlier during development.
IAST has access to the code itself, HTTP traffic, application states, data flows, control flows and backend connections. This gives IAST a comprehensive view of vulnerabilities compared to traditional SAST/DAST tools.
IAST works by injecting security probes into the application. The probes monitor security-related events and pass them to an analysis engine which reassembles the events and identifies vulnerability patterns in the application's behavior.
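To make the probe-and-engine architecture concrete, here is an added toy IAST agent written for this page; it is not code from any IAST product and every name in it (Agent, db_execute, the handler functions, the request ids and the sample query parameter) is a constructed assumption. A source probe records untrusted input as it enters a request, a sink probe wraps a dangerous API and records what reaches it, and the analysis engine reassembles the events of each request and reports a finding when a source value reaches a sink verbatim. The same handler is shown once with string concatenation and once with a parameterised query, so the engine flags the first and stays silent on the second.

```python
"""Toy IAST agent (constructed example, not any vendor's code).

Probes are wrappers installed where untrusted data enters (sources) and
where dangerous APIs are called (sinks). Every probe emits an event; the
analysis engine reassembles the events of one request and reports a
finding when a source value reaches a sink unchanged.
"""
import functools
from dataclasses import dataclass


@dataclass
class Event:
    kind: str        # "source" or "sink"
    request_id: str
    value: str       # the data observed by the probe
    detail: str      # parameter name for sources, rule name for sinks


class Agent:
    def __init__(self):
        self.events = []
        self.request_id = None

    def begin_request(self, request_id):
        """Called by a (hypothetical) HTTP framework hook at request start."""
        self.request_id = request_id

    def _emit(self, kind, value, detail):
        self.events.append(Event(kind, self.request_id, str(value), detail))

    def source(self, name, value):
        """Source probe: record untrusted input such as a query parameter."""
        self._emit("source", value, name)
        return value

    def sink(self, rule):
        """Sink probe: decorator recording the first argument of a dangerous API."""
        def decorate(fn):
            @functools.wraps(fn)
            def wrapped(arg, *rest, **kw):
                self._emit("sink", arg, rule)
                return fn(arg, *rest, **kw)
            return wrapped
        return decorate

    def analyze(self):
        """Correlate events per request: a source value that appears verbatim
        inside a sink argument is an unsanitised source-to-sink flow."""
        findings = []
        for snk in (e for e in self.events if e.kind == "sink"):
            for src in (e for e in self.events
                        if e.kind == "source" and e.request_id == snk.request_id):
                if src.value and src.value in snk.value:
                    findings.append((snk.request_id, snk.detail, src.detail))
        return findings


agent = Agent()


# --- application code with probes installed (hypothetical handlers) ---------
@agent.sink("sql-injection")
def db_execute(sql, params=()):
    """Stand-in for a DB driver's execute(); it only records the statement."""
    return {"sql": sql, "params": params}


def handle_search_vulnerable(request_id, query_params):
    agent.begin_request(request_id)
    term = agent.source("q", query_params["q"])
    # string concatenation carries the raw input into the SQL text
    return db_execute("SELECT * FROM items WHERE name = '" + term + "'")


def handle_search_fixed(request_id, query_params):
    agent.begin_request(request_id)
    term = agent.source("q", query_params["q"])
    # parameterised query: the input never enters the statement text
    return db_execute("SELECT * FROM items WHERE name = ?", (term,))


def demo():
    """Run both handlers on constructed input and return the engine's findings."""
    agent.events.clear()
    payload = {"q": "x' OR '1'='1"}    # constructed sample input
    handle_search_vulnerable("req-1", payload)
    handle_search_fixed("req-2", payload)
    return agent.analyze()


if __name__ == "__main__":
    for request_id, rule, param in demo():
        print(f"{request_id}: {rule} via parameter '{param}'")
```

Running the script reports one finding for `req-1` only. A real agent propagates taint through string operations rather than matching raw values, and installs its probes by bytecode or runtime patching instead of explicit decorators, but the division of labour is the same: probes observe, the engine correlates.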
IAST can be deployed at any stage of the SDLC - during development in IDEs, local testing, QA, CI/CD pipelines, and even production. IAST does not require any changes to existing development processes.
IAST offers real-time feedback, precise issue localization, and integration with common developer tools. This empowers developers to find and fix their own security issues and submit "clean" code.
IAST can detect a wide range of vulnerability types from injections to authorization issues. IAST rules can also enforce positive security controls and best practices.
IAST helps achieve the benefits of static analysis (performance, scalability) while keeping the runtime, behaviour-based nature of DAST through instrumentation.