Can someone explain the difference between Interactive Application Security Testing and Synthetic Monitoring?
From what I understand –
Synthetic Monitoring is the practice of using “constructed” data to test an application. For example – testing a website using a bunch of lambdas that send certain data and evaluating the response – I see that as synthetic monitoring.
What, then, is IAST? From what I understand, IAST is also applied to a deployed application (in contrast to SAST, which analyzes the application “at rest,” i.e., the source code). So IAST can detect vulnerabilities in the deployment configuration. But it’s not using constructed / artificial data, is it?
Any clarification would help – thanks!