Which testing approach performs security tests while the application is running and in use?

Study for the CompTIA SecurityX Test. Equip yourself with comprehensive flashcards and multiple choice questions that include hints and explanations. Gear up for your certification exam!

Multiple Choice

Which testing approach performs security tests while the application is running and in use?

Interactive Application Security Testing (IAST) tests security while the application is running and in use, by instrumenting the running app or using an in-process agent to observe live behavior as tests exercise it. This setup lets the test tool watch real data flows, memory usage, API calls, and library interactions in the exact runtime context, linking any findings to specific code paths and configurations. Because the tests occur inside the running application, they see how the software behaves with real inputs and state, making security findings more accurate and actionable, with fewer false positives than external scanners alone. It also enables immediate verification of issues as they would occur in production-like use, which static analysis or purely external testing can miss.

Continuous Delivery is a development pipeline practice that focuses on automating builds, tests, and deployments, not on running security tests inside the live application. A fuzzer targets robustness by sending many crafted or random inputs, often from outside the running app, to provoke crashes or vulnerabilities without necessarily observing internal runtime context. Software assurance is a broad program that encompasses policies, processes, and tools to ensure software security and quality, rather than a specific in-use testing technique.
