Determining security flaws in an application. There are generally four approaches to application security testing (AST). With access to the source code, static AST (SAST) is performed before the app is launched to the public, and interactive AST (IAST) tests the code in all dependent software libraries the application uses.
No Access to the Source Code
Without access to the programming code, dynamic AST (DAST) refers to external tests of the deployed application. Runtime AST (RAST) is a set of tests built into the application itself. See
Web application security.