
Category Direction - Interactive Application Security Testing (IAST)

Description

Applications that are deployed to production are subject to attacks that exploit vulnerabilities. Many vulnerabilities can be identified and corrected prior to product deployment by running security scans on the source code (SAST) or on exposed interfaces (DAST).

Some vulnerabilities, however, cannot be identified by standalone static or dynamic application testing. This is where interactive application security testing (IAST) comes in.

IAST works through software instrumentation, or the use of instruments to monitor an application as it runs and gather information about what it does and how it performs. IAST solutions instrument applications by deploying agents in running applications and continuously analyzing all application interactions initiated by manual tests, automated tests, or a combination of both to identify vulnerabilities in real time.* IAST can detect more vulnerabilities than SAST or DAST because the agent has visibility into:

While IAST is similar to Runtime Application Self-Protection (RASP), the key difference is that IAST is focused on identifying vulnerabilities within the application, whereas RASP is focused on protecting against attacks that may take advantage of those vulnerabilities or other attack vectors.
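The instrumentation approach described above, reduced to its core idea as an added example (not code from GitLab or from any IAST product): an in-process agent records untrusted inputs at the application boundary and wraps the SQL sink, so a query assembled from such input is reported while the application is exercised by a test. Taint is matched by plain substring here; real agents propagate taint metadata through string operations.

```python
import sqlite3

# Constructed IAST-style agent (not GitLab code): untrusted inputs are recorded at
# the app boundary and the SQL sink is instrumented; taint is matched by substring.

class IastAgent:
    def __init__(self):
        self.tainted = []   # untrusted values seen at the application boundary
        self.findings = []  # vulnerabilities observed at instrumented sinks

    def taint(self, value):
        """Mark a value from an untrusted source, e.g. an HTTP parameter."""
        self.tainted.append(value)
        return value

    def check_sql(self, sql):
        # Untrusted data inside the statement text (not a bound parameter)
        # means it was concatenated into the query: report it.
        for value in self.tainted:
            if value in sql:
                self.findings.append({"sink": "sqlite3.Cursor.execute",
                                      "tainted_value": value, "sql": sql})

    def cursor_factory(self):
        """Cursor class whose execute() is inspected before the query runs."""
        agent = self

        class InstrumentedCursor(sqlite3.Cursor):
            def execute(self, sql, params=()):
                agent.check_sql(sql)
                return super().execute(sql, params)
        return InstrumentedCursor

def lookup_user(agent, conn, username, parameterized):
    """Application handler driven by a test; the agent watches the sink."""
    username = agent.taint(username)  # value arrived from a request
    cur = conn.cursor(factory=agent.cursor_factory())
    if parameterized:
        cur.execute("SELECT id FROM users WHERE name = ?", (username,))
    else:
        cur.execute("SELECT id FROM users WHERE name = '%s'" % username)
    return cur.fetchall()

def run_demo(parameterized):
    agent = IastAgent()
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice')")
    lookup_user(agent, conn, "alice", parameterized)  # constructed request
    return agent.findings  # one finding when not parameterized, else []
```

The same handler yields no finding once the query is parameterized, which is what distinguishes this runtime check from SAST (no source needed) and DAST (no crafted payload needed).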

Target audience and experience

What's next & why

MVC Issue

Competitive landscape

We have the advantage of being able to provide testing results before the app is deployed into the production environment, by using Review Apps. This means that we will be able to provide IAST results for every single commit.

We will also be able to provide support for custom flows and provide IAST results for the master branch in Auto DevOps to better align with other existing tools.

Analyst landscape

We want to engage analysts to make them aware of the security features already available in GitLab. Since this is a relatively new scope for us, we must aim to be included in their upcoming research reports.

We can get valuable feedback from analysts, and use it to drive our vision.

Top Customer Success/Sales issue(s)

The category is very new, so we still need to engage customers and get feedback about their interests and priorities in this area.

Top user issue(s)

There are no features available for this category.

Top internal customer issue(s)

The category is very new, so we still need to engage customers and get feedback about their interests and priorities in this area.

Top Vision Item(s)
