Interactive Application Security Testing
IAST instruments an application from the inside, usually via an agent in the runtime, and watches code execute while functional or security tests exercise it. It combines the code-level precision of static analysis with the real-world accuracy of dynamic testing, which cuts down false positives. It fits best in the test phase of the lifecycle, running alongside QA suites in CI.