Security Testing Archives - Pragmatic Application Security

Why the Term IAST is Misleading and Confusing to Many

January 8, 2024August 20, 2021 by Matthias Rohr

As someone who has been working with IAST long before it was actually called this way – Fortify released its Program Trace Analyzer (PTA) approximately in the year 2008 – I have followed the evolution of this technology closely and posted a couple of times on it as well. For me, IAST was always not … Read more

Key Findings and Limitations of the OWASP Benchmark Project

September 28, 2021October 6, 2019 by Matthias Rohr

Tools that test code for common vulnerabilities such as OWASP Top Ten fall today in three categories of AST (Application Security Testing) tools: SAST (static code scanning), DAST (dynamic app scan), and IAST (dynamic code scanning). Consequently, there are not a few but a lot of tools, especially in SAST and DAST areas, both commercial … Read more

Automating DAST Scans with Jenkins, Arachni & ThreadFix

September 22, 2021March 17, 2016 by Matthias Rohr

I’m often asked how security tests can be automated with non-commercial tools, e.g. triggered by a Jenkins build. Therefore I decided to write this post, to give you a bit of understanding which tools you can use and what you have to do in order to accomplish this goal. To not over complicate this, I … Read more