During a web-application penetration test, the consultant wants to uncover vulnerabilities by inserting sensors inside the application's runtime environment so that every user-driven request is monitored and correlated with the specific lines of code executed. Which assessment technique best fits this requirement?
Interactive analysis that instruments the running application to observe code paths triggered by live traffic
Network reconnaissance that enumerates open ports and banners to profile perimeter services
Static analysis that inspects source logic before compilation to flag insecure functions
Patch-management scanning that reviews Windows registry keys to locate outdated third-party software
Interactive Application Security Testing embeds instrumentation inside a running application. The agent watches real-time execution and data flow, combining static and dynamic insights. The other options describe static source review, patch/registry scanning, or external network enumeration, none of which instrument code at runtime.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Interactive Application Security Testing (IAST)?
Open an interactive chat with Bash
How is IAST different from Static Application Security Testing (SAST)?
Open an interactive chat with Bash
What are the benefits of using IAST over other testing methods?