appsec-glossary
Safeguard articles tagged "appsec-glossary" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Interactive Application Security Testing (IAST) explained
IAST tests applications from the inside while they run, catching flaws SAST and DAST miss alone. Here's how it works, how Checkmarx uses it, and where gaps remain.
What is SAST? Static Application Security Testing explained
SAST scans source code for vulnerabilities before deployment. Learn how it works, where it fits vs. DAST/SCA, its false-positive limits, and 2026 tooling.
Dynamic Application Security Testing (DAST)
DAST tests running apps like an attacker would. Learn how it works, what it catches and misses, and how PCI DSS 4.0 now mandates it.
Interactive Application Security Testing (IAST)
IAST instruments running apps to catch injection flaws and unsafe data flows in real time. Here's how it works, its limits, and where it fits.
Runtime Application Self-Protection (RASP)
RASP blocks attacks from inside a running app. Learn how it works, how it differs from a WAF, its limits, top vendors, and where it fits with SAST/SCA.