Why the Term IAST is Misleading and Confusing to Many

As someone who has been working with IAST long before it was actually called this way – Fortify released its Program Trace Analyzer (PTA) approximately in the year 2008 – I have followed the evolution of this technology closely and posted a couple of times on it as well. For me, IAST was always not … Read more

Key Findings and Limitations of the OWASP Benchmark Project

Tools that test code for common vulnerabilities such as OWASP Top Ten fall today in three categories of AST (Application Security Testing) tools: SAST (static code scanning), DAST (dynamic app scan), and IAST (dynamic code scanning). Consequently, there are not a few but a lot of tools, especially in SAST and DAST areas, both commercial … Read more