Interactive Application Security Testing (IAST) monitors running applications and APIs to find and fix vulnerabilities without slowing down development. DevOps and security teams can automatically correlate the results of IAST scans with the results of DAST and SAST scans to group issues and fix them faster.
Find, triage and fix critical vulnerabilities quickly:
- Enrich DAST issues with IAST/SAST details
- Prioritize SAST findings based on the accuracy of IAST/DAST results
- Validate SAST fixes with IAST/DAST status updates
- Reduce remediation effort by grouping issues
API Discovery
HCL AppScan IAST can automatically detect and catalog all internal APIs being used in an application. Additional information can be gathered from SCA scans of the open-source packages used to develop APIs. These findings are critical for understanding your security risk level and reporting that to the necessary stakeholders.
Auto-Issue Correlation
HCL AppScan Auto Issue Correlation extracts data from each IAST, DAST and SAST issue and then uses a variety of heuristics to identify correlations. This effectively reduces the overall number of vulnerabilities and remediation tasks by grouping issues together where they can be addressed quickly and completely.
- DAST findings can be enriched with the details found in corresponding IAST and SAST scans, both of which have a view of the source code.
- SAST findings can be prioritized for remediation by using the accuracy of corresponding IAST and DAST results.
- SAST fixes can be validated with subsequent IAST and DAST scans that provide status updates on all correlated findings.
Patented Java Solution
Our patented Java deployment solution needs less configuration and takes less time to set up, since IAST can be deployed as a Java agent and also as a web application. You can start scanning faster, deploy IAST after the web server has already started, and remove the IAST agent without restarting the server. Our agent also detects when an updated version of itself is available, downloads it and upgrades itself automatically (ASoC only).
Patented .NET Solution
Our patented IAST deployment solution for .NET is the fastest on the market and runs in managed code rather than native code. You don't have to disable basic .NET optimizations, and since our IAST agent runs as part of the .NET code itself, you have access to more capabilities and can discover more issue types.
Eliminate False Positives
HCL AppScan IAST has also received patents for advanced algorithms that track information flowing through your application. Detected vulnerabilities automatically trigger additional checks that greatly reduce false positives in the final report.
These checks include complex algorithms that replicate your code flow in real time and try to attack it in various ways. If you write your own working sanitization code, HCL AppScan IAST will detect it and will not report issues that pass through it.