Interactive Application Security Testing

The operation of e-commerce platform requires very high security. Interactive Application Security Test (IAST) is a new generation of vulnerability analysis technology first proposed by Synopsys Company in the United States. This technology can effectively solve the technical vulnerabilities of various websites represented by e-commerce platform. This technology combines static application security test (SAST) with dynamic application security test (DAST) by using a unique design context context association mechanism. Through this deep integration of interaction capabilities and differential comparison mechanism, a fast and highly automated vulnerability analysis capability can be built in miming applications. IAST integrates the advantages of SAST and DAST technology, continuously monitors and identifies vulnerabilities in applications. Aspect-oriented programming technology enables differential comparison mechanism to perform dynamic security analysis in running programs, and extracts contextual content, data flow and flow control information from active applications to provide targeted information. Run the access capability of the actual data values at the code level. Therefore, precisely because of these abundant information, the differential comparison mechanism can identify more anomalies than other existing security tools, and achieve unprecedented accuracy. Through IAST technology, it can also confirm or eliminate whether the detected vulnerabilities can be used to attack, and determine the location of the vulnerabilities in the application code. This technology has been listed as one of the top ten information security technologies in 2014 by Gartner Information Technology Research and Consulting Company of the United States, and has a very broad application prospects.