Analyze Code for Security Risks Flashcards
1
Q
SAST vs DAST vs IAST vs RASP
A
SAST: Static Application Security Testing - In Dev phase, runs on the code base.
DAST: Dynamic Application Security Testing - In Dev phase, runs on the running app.
IAST: Interactive Application Security Testing - In testing phase, instruments the app; the environment has access to the code base.
RASP: Runtime Application Self-Protection - In Prod, responds to invalid inputs, flows, etc. It is a monitor that watches the application and the environment and acts upon conditions that are outside the normal conditions for the application.