Gitlab hero border pattern left svg Gitlab hero border pattern right svg

Category Direction - Interactive Application Security Testing (IAST)


Applications that are deployed to production are subject to attacks that exploit vulnerabilities. Many vulnerabilities can be identified and corrected prior to product deployment by running security scans on the source code (SAST) or on exposed interfaces (DAST).

Some vulnerabilities, however, cannot be identified by standalone static or dynamic application testing. This is where interactive security application testing comes in.

IAST works through software instrumentation, or the use of instruments to monitor an application as it runs and gather information about what it does and how it performs. IAST solutions instrument applications by deploying agents in running applications and continuously analyzing all application interactions initiated by manual tests, automated tests, or a combination of both to identify vulnerabilities in real time.* IAST can detect more vulnerabilities than SAST or DAST because the agent has visibility into:

While IAST is similar to Runtime Application Self-Protection Security (RASP), the key difference is that IAST is focused on identifying vulnerabilities within the application and RASPs are focused protecting against cybersecurity attacks that may take advantages of those vulnerabilities or other attack vectors.

Target audience and experience

What's next & why

Maturity Plan

Competitive landscape

Analyst landscape

Top Customer Success/Sales issue(s)

Top user issue(s)

Top internal customer issue(s)

Top Vision Item(s)