IAST

Definition

Interactive Application Security Testing (IAST) is a security testing methodology that combines elements of static and dynamic analysis to identify vulnerabilities in web applications. It works by instrumenting the application with sensors that observe its behavior as it runs (for example, while automated tests exercise it), giving real-time feedback on security issues such as untrusted data reaching a dangerous operation. IAST tools are typically integrated into the development environment and CI pipeline, allowing developers to detect and fix vulnerabilities early in the software development lifecycle.
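To make the "sensors that observe behavior at runtime" concrete, here is a small, self-contained sketch of the mechanism (an added example, not code from the page or from any IAST product). A real agent hooks the runtime at bytecode or framework level; this toy version marks input from a source (an HTTP query parameter) with a tainted-string subclass and instruments one sink (SQL execution on a sqlite3 cursor). The names Tainted, Sensor, query_param and the two handlers are hypothetical, and the input is constructed.

```python
"""Toy in-process IAST sensor (added illustration, not from the page).

Untrusted input is wrapped in a str subclass that carries its origin; an
instrumented sqlite3 cursor reports whenever tainted text arrives as the
SQL statement itself. All names here are hypothetical.
"""
import sqlite3
from dataclasses import dataclass


class Tainted(str):
    """A str that remembers which untrusted source it came from."""

    def __new__(cls, value, source="unknown"):
        obj = super().__new__(cls, value)
        obj.source = source
        return obj

    # Taint survives the string operations typically used to build queries.
    # (A real agent does this in the runtime and also covers f-strings.)
    def __add__(self, other):
        return Tainted(str.__add__(self, other), self.source)

    def __radd__(self, other):
        if not isinstance(other, str):
            return NotImplemented
        return Tainted(str.__add__(other, self), self.source)

    def __rmod__(self, template):
        return Tainted(str.__mod__(template, self), self.source)

    def strip(self, *args):
        return Tainted(str.strip(self, *args), self.source)


@dataclass(frozen=True)
class Finding:
    rule: str
    source: str
    sink: str
    evidence: str


class Sensor:
    """Collects findings raised by instrumented sinks."""

    def __init__(self):
        self.findings = []

    def cursor(self, conn):
        sensor = self

        class InstrumentedCursor(sqlite3.Cursor):
            def execute(self, sql, params=()):
                # Tainted SQL text means untrusted data shaped the statement.
                # Bound parameters never reach the sink as SQL text, so the
                # parameterized handler below produces no finding.
                if isinstance(sql, Tainted):
                    sensor.findings.append(Finding(
                        "sql-injection", sql.source,
                        "sqlite3.Cursor.execute", str(sql)))
                return super().execute(sql, params)

        return conn.cursor(factory=InstrumentedCursor)


def query_param(name, value):
    """Source: models reading a request parameter (constructed input)."""
    return Tainted(value, source="http.query." + name)


# --- the application under test: one vulnerable handler, one safe one ---

def find_user_unsafe(cur, username):
    sql = "SELECT id FROM users WHERE name = '" + username + "'"
    return cur.execute(sql).fetchall()


def find_user_safe(cur, username):
    return cur.execute("SELECT id FROM users WHERE name = ?", (username,)).fetchall()


def run_functional_tests():
    """Exercise both handlers with ordinary input, as a CI test suite would.

    No attack payload is needed: the unsafe handler is flagged because
    tainted text reached the SQL sink, not because the request looked
    malicious. That is what distinguishes IAST from black-box DAST.
    """
    sensor = Sensor()
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice')")
    cur = sensor.cursor(conn)

    username = query_param("username", "alice")
    assert find_user_unsafe(cur, username) == [(1,)]
    assert find_user_safe(cur, username) == [(1,)]
    return sensor.findings


if __name__ == "__main__":
    for f in run_functional_tests():
        print(f"{f.rule}: {f.source} -> {f.sink}: {f.evidence}")
```

Running the functional tests yields exactly one finding, attributed to the `username` query parameter and the `execute` sink, while the parameterized handler stays clean even though it received the same tainted value.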

Secure Settings Example

# Example configuration for an IAST tool integrated into a CI/CD pipeline
iast:
  enabled: true
  sensitivity: high
  report:
    format: html
    output: /reports/iast-report.html
  thresholds:
    critical: 0
    high: 5
    medium: 10
  fail_build_on_violation: true

Insecure Settings Example

# Example of insecure IAST configuration
iast:
  enabled: false
  sensitivity: low
  report:
    format: txt
    output: /reports/iast-report.txt
  thresholds:
    critical: 10
    high: 20
    medium: 30
  fail_build_on_violation: false
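The practical difference between the two configurations is what the pipeline does with the same set of findings. The following added example (not from the page or any tool) models a CI gate that applies the `enabled`, `sensitivity`, `thresholds` and `fail_build_on_violation` keys above. The YAML is represented as dictionaries to avoid a parser dependency, the findings are constructed, and the meaning of `sensitivity` is an assumption: `high` counts every finding, `medium` ignores low ones, `low` counts only critical ones.

```python
"""CI gate for the two IAST configurations (added illustration).

Assumptions, not from the page: YAML is modelled as dicts; 'sensitivity'
is treated as the least severe finding the sensors still report.
"""
from collections import Counter
from copy import deepcopy
from dataclasses import dataclass

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}
SENSITIVITY_FLOOR = {"high": "low", "medium": "medium", "low": "critical"}

SECURE_CONFIG = {"iast": {
    "enabled": True, "sensitivity": "high",
    "thresholds": {"critical": 0, "high": 5, "medium": 10},
    "fail_build_on_violation": True}}

INSECURE_CONFIG = {"iast": {
    "enabled": False, "sensitivity": "low",
    "thresholds": {"critical": 10, "high": 20, "medium": 30},
    "fail_build_on_violation": False}}

# Constructed sample: severities of findings from one test run.
SAMPLE_FINDINGS = ["critical", "high", "high", "medium", "low"]


@dataclass
class GateResult:
    enabled: bool
    counts: dict
    violations: list
    warnings: list
    fail_build: bool


def evaluate(config, findings):
    """Apply the gate; returns what the build should do and why."""
    iast = config["iast"]
    if not iast.get("enabled", False):
        # A green build from a disabled scanner is not evidence of safety,
        # so the gate says so instead of staying silent.
        return GateResult(False, {}, [], ["IAST disabled: nothing measured"], False)

    floor = SEVERITY_RANK[SENSITIVITY_FLOOR[iast.get("sensitivity", "high")]]
    counts = Counter(sev for sev in findings if SEVERITY_RANK[sev] >= floor)

    violations = [
        f"{sev}: {counts[sev]} found, threshold {limit}"
        for sev, limit in iast["thresholds"].items()
        if counts[sev] > limit
    ]
    warnings = []
    if violations and not iast.get("fail_build_on_violation", False):
        warnings.append("thresholds exceeded but fail_build_on_violation is off")
    fail = bool(violations) and iast.get("fail_build_on_violation", False)
    return GateResult(True, dict(counts), violations, warnings, fail)


def compare(findings):
    """Run the same findings through both configs, plus the insecure one
    with only 'enabled' flipped on, to separate the effect of each knob."""
    insecure_enabled = deepcopy(INSECURE_CONFIG)
    insecure_enabled["iast"]["enabled"] = True
    return {
        "secure": evaluate(SECURE_CONFIG, findings),
        "insecure": evaluate(INSECURE_CONFIG, findings),
        "insecure_enabled": evaluate(insecure_enabled, findings),
    }


if __name__ == "__main__":
    for name, result in compare(SAMPLE_FINDINGS).items():
        print(name, "fail_build =", result.fail_build,
              result.violations or result.warnings)
```

With the sample findings the secure configuration fails the build on the single critical finding; the insecure configuration passes without measuring anything; and even the insecure configuration with `enabled: true` passes, because its low sensitivity drops everything but the critical finding and a threshold of 10 absorbs it.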