Application Security
IAST (Interactive Application Security Testing)
Also known as: Interactive analysis, Runtime code analysis
Definition
Application security testing that instruments a running application from the inside to observe code execution while it is being exercised by traffic or tests.
Examples
- Attaching a Contrast Security agent to a Java service in QA to find XSS during E2E tests.
- Using Seeker to confirm SQL injection in a Node.js API while running Cypress flows.
Related terms
SAST (Static Application Security Testing)
Automated analysis of source code, bytecode or binaries — without executing it — to find security weaknesses such as injection, unsafe APIs or insecure crypto.
DAST (Dynamic Application Security Testing)
Black-box security testing that probes a running application over the network to find vulnerabilities visible only at runtime, such as injection, auth flaws and misconfigurations.
RASP (Runtime Application Self-Protection)
A defense embedded inside a running application that monitors execution context and blocks malicious behavior, such as injection or deserialization attacks, in real time.
Fuzz Testing
An automated testing technique that feeds a program large amounts of malformed, random or unexpected input to uncover crashes, memory corruption and security vulnerabilities.
Secure Coding
Secure Coding — definition coming soon.
OWASP Top 10
OWASP Top 10 — definition coming soon.