The security of your software applications is essential to protect sensitive data, maintain the trust of your users, and comply with regulatory requirements. New Relic Interactive Application Security Testing (IAST) can help you to prevent cyberattacks and breaches on your applications by probing your running code for exploitable vulnerabilities.
New Relic IAST helps address some of the limitations of more traditional application security tools like SAST, DAST, and penetration testing. IAST helps you reduce false positive findings, which increases developer confidence and drives efficiency. You get double duty from your QA tests: they continuously detect and prioritize vulnerabilities that are exploitable, and IAST provides guidance on how to eliminate the risk.
IAST helps you:
- Find and fix exploitable vulnerabilities: no need to wait for scan results.
- Ship code faster: unmatched detection accuracy and substantially fewer false positives.
- See and secure every application: full visibility into your code, web components, and configuration data.
- Reduce time and cost: when you eliminate vulnerabilities.
- Cut down the noise: IAST uses both static application security testing (SAST) and dynamic application security testing (DAST) analysis.
Go to one.newrelic.com > All capabilities > IAST to open the IAST testing status page.
IAST is fully integrated with New Relic Vulnerability Management, allowing you to continuously and quickly find, fix, and verify high-risk vulnerabilities across the software development lifecycle. IAST's exclusive proof of exploits helps you use your time more efficiently: you no longer waste time chasing false positives, reproducing vulnerabilities, and working on low-impact security risks.
Our agents deliver New Relic IAST, and you can enable it with a simple configuration setting change. IAST is available for these languages:
APM version 3.29.1 or higher
APM version 8.9.1 or higher
APM version 11.10.3 or higher
Follow these instructions to install New Relic IAST.
About vulnerability severity (CVSS score)
Discovering a vulnerability is important, but it is of little use without the ability to estimate the severity of each vulnerability. IAST assigns a qualitative severity to each vulnerability found in the system, according to the severity score of the Common Vulnerability Scoring System (CVSS). IAST uses CVSS version 3 (CVSSv3) for scoring.
The following table shows the version 3 (CVSSv3) ratings.
Base Score Range