May 19, 2021

Difference between IAST and Synthetic Monitoring

Can someone explain the difference between Interactive Application Security Testing and Synthetic Monitoring?

From what I understand –

Synthetic Monitoring is the practice of using “constructed” data to test an application. For example – testing a website using a bunch of lambdas that send certain data and evaluating the response – I see that as synthetic monitoring.

What then is IAST? From what I understand IAST is also applied to a deployed application (in contrast to SAST which analyzes the application “at rest,” i.e., the source code). So IAST can detect vulnerabilities in the deployment configuration. But it’s not using constructed / artificial data, is it?

Any clarification would help – thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.