Interactive Application Security Testing tools are a relatively new addition to the web application security landscape. IAST tools aim to combine the benefits of SAST and DAST to create a more complete picture of application vulnerabilities. IAST tools are embedded within the application and have visibility into the code. While the application runs automated functional tests within a staging environment, IAST will search code execution paths for possible vulnerabilties. Some may even try to perform attacks on parts of the code that may be vulnerable to validate errors and reduce false positives. A downside of IAST is the heavy dependency on a large suite of automated functional tests.