"IAST leverages any interaction with the application into a security test, even if it is legitimate and doesn't contain any malicious properties."
Lalitha S. Prasad, Application Security SME