The Ins and Outs of Interactive Application Security Testing

Interactive Application Security Testing, or IAST, is an emerging technology in the application security domain that is quickly gaining notoriety in many DevOps circles. IAST is an unobtrusive means run automated security tests during activities such as QA, human testing, or any activity that "interacts" with the application's functionality. However there are many different approaches to instituting IAST into your AppSec program and, because the technology is new, many businesses need help in evaluating a solution that meets their security objectives. In this session, Shahar Sperling and Gal Ben-Yair, Enterprise Architects with HCL AppScan, will take a deeper dive into the ins and outs of IAST to help you better understand what it is, how it can help expedite security testing, and how to assess the right solution for your business. You'll come away with a better understanding of: 1) The different approaches to IAST such as passive and active testing 2) How to institute IAST into your SDLC to shift security testing to the left, as well as to the right 3) Things to consider when evaluating IAST such as how to benchmark apps, understanding the quality of sanitizers, and assessing ease of deployment