
URL: https://www.contrastsecurity.com/security-influencers/why-the-difference-between-sast-dast-and-iast-matters?q_mailing_2M2F3BKsEG4...
Submission: On November 18 via api from CH — Scanned from DE

SAST, DAST, AND IAST SECURITY TESTING

By Jeff Williams, Co-Founder, Chief Technology Officer

May 1, 2019

    


QUICK REVIEW OF APPLICATION SECURITY TESTING

When I attend social functions with friends, people often ask what I do. I'm
never quite sure where to start. "I run a small tech company that helps Java
applications run more securely" is probably overkill. "I help keep hackers out
of proprietary places by seeking out software issues and security flaws with
specialized tools" has worked.

But usually, I just default to asking them questions. "How much do you know
about software development tools and what developers do?" or "What field do you
work in?" or "Do you know much about writing code?" usually lets me know how
much depth I should go into with them.

Because you've stumbled upon our blog, I'm assuming that you know something
about computer programming, coding tools, and the development process, and that
you want to know how to find vulnerabilities in your software so that it’s more
secure against outside and inside threats. So I'm going to talk about dynamic
application security testing (DAST) and static application security testing
(SAST) for a moment, then explain why interactive application security testing
(IAST) is an approach that’s going to produce better results in a faster time
frame, helping developers meet their primary objective: creating software
solutions that are secure.

Let’s take a quick look at SAST vs. DAST vs. IAST in the development/testing
process.


DYNAMIC APPLICATION SECURITY TESTING (DAST)

DAST, also known as black box testing, is an approach that tests a running
application's exposed interfaces, looking for vulnerabilities and flaws. It's
testing from the outside in, which is why it’s referred to as black box testing.
The technology and tools have been part of the development process for a while,
and are familiar to most people inside the application security world. DAST is
good at finding externally visible issues and vulnerabilities, and it makes them
easy to confirm by providing the URL. The downside of DAST is its heavy reliance
on experts to write tests, making it difficult to scale.


STATIC APPLICATION SECURITY TESTING (SAST)

SAST tools and technologies analyze the source code or bytecode from the inside
out, helping developers find issues and flaws inside their code. If you can
prevent vulnerabilities in software before you launch, you'll have stronger code
and a more reliable application. Everyone knows that false positives are an
issue when testing an application, but SAST can show you exactly where to find
issues in the code. Like DAST, SAST requires security experts to properly use
SAST tools and solutions.


CONTINUOUS VS. SNAPSHOT IN TIME

Because legacy SAST, DAST, and pen testing only provide a snapshot in time, they
can’t keep up with today’s agile software development lifecycle processes.
Contrast provides a modern approach to application security testing by embedding
security expertise in the application itself. This embedded (agent-based),
scalable, always-on solution fits seamlessly across development and production
environments, using Contrast sensors that provide real-time vulnerability and
attack telemetry throughout application workflows.


IAST (INTERACTIVE APPLICATION SECURITY TESTING)

According to the research firm Gartner, "...next-generation modern web and
mobile applications require a combination of SAST and DAST
techniques...interactive application security testing approaches have emerged
that combine static and dynamic techniques to improve testing." That's the
bottom line with IAST: When we compare SAST vs. DAST, IAST gets better results.
That's probably why Gartner recommends IAST and IAST tools for providing greater
testing accuracy. Just imagine if you could find vulnerabilities while
eliminating 99% of all false-positive results in your software development
efforts. See why Gartner positioned Contrast as "A Visionary in the Gartner
Magic Quadrant for Application Security Testing."


HOW DOES INTERACTIVE APPLICATION SECURITY TESTING (IAST) WORK?

An IAST agent instruments your application, performing all of the analysis in
real time from within it. This could be done in your integrated development
environment (IDE), in QA, or even while running in production. By doing the
analysis from within the application itself, the agent has access to:

 * All the code for the application
 * Runtime control and data flow information
 * Configuration information
 * HTTP requests and responses
 * Libraries, frameworks, and other components
 * Backend connection information

Access to all this information allows IAST tools to cover more code, produce
more accurate results, and verify a broader range of security rules than either
SAST tools or DAST tools on their own. In addition, IAST agents are easy to
install and don't require any application security expertise to use. They simply
work better. 
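
A simplified sketch of the runtime data-flow tracking described above, added here as an illustration; it is not Contrast's agent or code from the original post. The `Tainted` class, the handlers, the route names and the naive source-only check are all hypothetical, and the request is constructed sample input.

```python
import re

class Tainted(str):
    """A str subclass marking data that entered through an HTTP request."""
    def __add__(self, other):
        return Tainted(str(self) + str(other))   # taint survives concatenation
    def __radd__(self, other):
        return Tainted(str(other) + str(self))

FINDINGS = []  # what the hypothetical agent would report

def get_param(request, name):
    """Instrumented source: every request parameter enters the app tainted."""
    return Tainted(request[name])

def to_int(value):
    """Validator: a value that parses as an integer comes back as a plain str."""
    return str(int(value))

def execute_sql(query, route):
    """Instrumented sink: report only when tainted data actually reaches it."""
    if isinstance(query, Tainted):
        FINDINGS.append((route, "sql-injection", str(query)))
    return query  # a real sink would run the query here

def handler_unsafe(request):
    q = "SELECT * FROM users WHERE id = " + get_param(request, "id")
    return execute_sql(q, "/unsafe")

def handler_validated(request):
    q = "SELECT * FROM users WHERE id = " + to_int(get_param(request, "id"))
    return execute_sql(q, "/validated")

SOURCE = [  # the two query lines as a source-only check would see them
    'q = "SELECT * FROM users WHERE id = " + get_param(request, "id")',
    'q = "SELECT * FROM users WHERE id = " + to_int(get_param(request, "id"))',
]

def static_pattern_scan(source_lines):
    """Naive source-only check: flags any concatenation onto a SELECT string."""
    pat = re.compile(r'"SELECT .*"\s*\+')
    return [i for i, line in enumerate(source_lines, 1) if pat.search(line)]

def run_demo():  # exercise both routes, return the routes the agent reported
    FINDINGS.clear()
    request = {"id": "42"}  # constructed sample request
    handler_unsafe(request)
    handler_validated(request)
    return [route for route, _rule, _query in FINDINGS]
```

The pattern check flags both query lines, while the runtime tracker reports only `/unsafe`, because the validated value no longer carries taint when it reaches the sink. A non-numeric `id` makes `to_int` raise `ValueError` before any query is built.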

So the question remains: "Which one is best?" or "Which one should I use?" or,
ultimately, "If I can only afford one security application tool integrated into
our SDLC, which one do I choose?"

To learn more about the advantages of IAST, visit our blog about the 7
Advantages of Interactive Application Security Testing (IAST), or visit our IAST
solution page: Contrast Assess.

You can also schedule a demo from a Contrast Assess expert today!

Most companies build or buy software applications to run their business.
Unfortunately, application code exposes critical vulnerabilities to hackers.
Contrast solves this complex problem with a bold new secure technology platform
that transforms application security by making software self-protecting.
Intelligent Contrast agents are injected into the code, instrumenting
applications with thousands of smart, agile sensors that detect and correct
vulnerabilities before deployment, and protect the software applications in
operation. No legacy security tool can protect every application, but a
tenacious army of intelligent Contrast sensors can. Because Contrast technology
works hand-in-glove with agile and DevOps teams, it transforms every software
application in a company’s portfolio from a weak spot into a strong point to
decisively repel attacks.

To learn more about the Contrast portfolio of products:

 * Interactive Application Security Testing - Used for infusing software with
   vulnerability assessment capabilities

 * Runtime Application Self-Protection - Used for monitoring and protecting
   cloud applications

 * Open Source Security Software and Compliance - Used for managing open source
   software risk in DevOps solutions

Feel free to watch a short video to see how IAST works and integrates into the
SDLC.

JEFF WILLIAMS, CO-FOUNDER, CHIEF TECHNOLOGY OFFICER

Jeff brings more than 20 years of security leadership experience as co-founder
and Chief Technology Officer of Contrast Security. He recently authored the
DZone DevSecOps, IAST, and RASP refcards and speaks frequently at conferences
including JavaOne (Java Rockstar), BlackHat, QCon, RSA, OWASP, Velocity, and
PivotalOne. Jeff is also a founder and major contributor to OWASP, where he
served as Global Chairman for 9 years, and created the OWASP Top 10, OWASP
Enterprise Security API, OWASP Application Security Verification Standard, XSS
Prevention Cheat Sheet, and many more popular open source projects. Jeff has a
BA from Virginia, an MA from George Mason, and a JD from Georgetown.
