Interactive Application Security Testing
Continuous Detection of Run-time Vulnerabilities
Checkmarx Interactive Application Security Testing fills the critical software security gap by leveraging existing functional testing activities to automate the detection of vulnerabilities on running applications. It is the industry’s first IAST solution that fully integrates with a Static Application Security Testing solution and offers customization of queries, leading to greater vulnerability coverage and more accurate results.
Optimize your remediation efforts at scale
The only IAST product in the market that is fully integrated with a best-of-breed SAST solution, enabling cross-product correlations that accelerate time-to-remediation. The code-level insight produced by static analysis, combined with the run-time knowledge coming from IAST, provides developers with a better understanding of where to fix the problem.
Automate security testing using your existing processes
Checkmarx IAST relieves organizations from having to carry out dedicated security testing on running applications. A non-intrusive agent transparently integrates into the testing environment, continuously monitoring application activity to provide real-time feedback. Once functional testing is over, the security “scan” is also completed.
Deliver security as fast as applications change
Checkmarx IAST is built for DevOps, seamlessly fitting QA automation or CI/CD pipelines. The detection of vulnerabilities on running applications is automated to support application portfolios of virtually any size.
Complete your software security testing portfolio
Checkmarx IAST extends Checkmarx’s offering to fill a critical layer in your software security portfolio. While static analysis and software composition analysis ensure that you have scanned all home-grown code and third-party open source libraries, there are still certain flaws that can only be detected on a running application. Checkmarx IAST seals your SDLC with a security “stamp” without interrupting your existing DevOps and CI/CD workflows.