Checkmarx Named a Leader in Gartner Magic Quadrant for Application Security Testing

Checkmarx Interactive Application Security Testing (CxIAST)

Automate the detection of run-time vulnerabilities during functional testing

Hero Image

Continuous Detection of Run-time Vulnerabilities

Checkmarx Interactive Application Security Testing fills the critical software security gap by leveraging existing functional testing activities to automate the detection of vulnerabilities on running applications.  It is the industry’s first IAST solution that fully integrates with a Static Application Security Testing solution and offers customization of queries, leading to greater vulnerability coverage and more accurate results.

Optimize your remediation efforts at scale

The only IAST product in the market that is fully integrated with a best-of-breed SAST solution, enabling cross-product correlations that accelerate time-to-remediation. The code-level insight produced by static analysis, combined with the run-time knowledge coming from IAST, provides developers with a better understanding of where to fix the problem.

Automate security testing using your existing processes

Checkmarx IAST relieves organizations from having to carry out dedicated security testing on running applications. A non-intrusive agent transparently integrates into the testing environment, continuously monitoring application activity to provide real-time feedback. Once functional testing is over, the security “scan” is also completed.

Deliver security as fast as applications change

Checkmarx IAST is built for DevOps, seamlessly fitting QA automation or CI/CD pipelines. The detection of vulnerabilities on running applications is automated to support application portfolios of virtually any size.

Complete your software security testing portfolio

Checkmarx IAST extends Checkmarx’s offering to fill a critical layer in your software security portfolio. While static analysis and software composition analysis ensure that you have scanned all home-grown code and third-party open source libraries, there are still certain flaws that can only be detected on a running application. Checkmarx IAST seals your SDLC with a security “stamp” without interrupting your existing DevOps and CI/CD workflows.

Supported Languages

Vulnerability Coverage

SQL Injection
XSS Injection
OS Command Injection
Path Traversal
XPath Injection
Parameter Tampering
Open Redirect
Trust Boundary Violation
Cross-Site Request Forgery
Sensitive Data Leakage
And More...

Additional Resources

Datasheet

Checkmarx Interactive Application Security Testing

Webinar

What The Heck is IAST?

Infographic

IAST vs SAST and DAST

Ready to Learn More?

Request a Demo