Which type of testing involves assessing an application while it is being interacted with?


Interactive Application Security Testing (IAST) involves assessing an application while it is being interacted with in real time. This type of testing combines aspects of both static and dynamic testing by monitoring the application during its execution, which allows for identifying security vulnerabilities, coding errors, and other potential issues as users interact with the application.

This dynamic approach provides a comprehensive analysis of the application since it evaluates how the components and layers behave when put under operational conditions. It captures information about vulnerabilities that may not be detectable through static analysis alone, as it reflects actual usage scenarios. This makes IAST particularly effective in uncovering issues related to data flow, user interactions, and backend processes that static testing would miss.

In contrast, static application security testing assesses the source code without executing the program, focusing solely on the code itself rather than its behavior during execution. Unit testing and regression testing are primarily about verifying functionality and performance of code, but they do not focus explicitly on real-time security vulnerabilities associated with user interactions.
