As of May 2026, there are 9 SaaS companies in Interactive Application Security Testing (IAST) Software. They have combined revenues of $264.4M and employ 1.7K people. They have raised $245M and serve 2.8M customers combined.
Interactive Application Security Testing (IAST) Software is a security testing methodology designed to identify vulnerabilities within applications in real time. By monitoring application behavior during various testing processes, such as quality assurance (QA) or automated testing, IAST tools analyze code execution, data flow, and system responses, providing immediate feedback on security issues. The primary use cases of IAST include vulnerability detection during the application development cycle, production monitoring, and integration with continuous integration/continuous deployment (CI/CD) pipelines. Typical features include automated scanning, real-time risk assessment, and reporting capabilities that assist development and security teams in ensuring the security posture of applications. Common buyer personas include security analysts, application developers, and quality assurance professionals who seek to enhance application security measures throughout the software development lifecycle.
Sorting: Highest -> Lowest
Showing 10 of 5 companies ranked by annual revenue.
Los Altos, California, United States
Contrast Security is the only Application and API Security platform purpose-built to detect and stop live application-layer attacks. It delivers real-time and always-on application security inside applications and APIs.
United States
Positive Technologies is a leading developer of products, solutions and services for result-driven cybersecurity that enable detection and prevention of attacks before they cause unacceptable damage to businesses and entire economic sectors. The company's technology portfolio covers most categories of information security tools and continues to expand. We create meta-products — a new generation of tools for achieving effective cybersecurity with minimal human involvement. For over 20 years, we've been creating and implementing technologies that demonstrate real results in cybersecurity and radically improve our clients' security levels.
Knutsford, Cheshire, United Kingdom
PortSwigger is a global leader in cybersecurity, specializing in web application security testing. They created Burp Suite, the leading toolkit for web application security testing.
San Francisco, California, United States
Semgrep is an application security platform that scans code for bugs and security vulnerabilities, helping developers to write secure code.
Chicago, Illinois, United States
NowSecure is the leader in Mobile Application Risk Management, providing automated and human-augmented testing solutions that deliver speed, depth, and accuracy to protect the mobile ecosystem. Trusted by hundreds of enterprises, government agencies, and global brands, NowSecure helps organizations accelerate mobile innovation while managing security and privacy risks with confidence.
- The software must provide real-time monitoring of applications to identify vulnerabilities during runtime. - It should integrate with existing development workflows and tools, such as CI/CD pipelines. - The product must offer automated scanning capabilities to assess application security continuously. - It should provide detailed reporting on vulnerabilities and security risks discovered. - The tool must support both static and dynamic analysis techniques, not just one method exclusively. - It must cater to software development teams, including application developers and security analysts.
Each Tuesday, we reverse-engineer a real SaaS company's revenue, profit, CAC, funnels, and its top growth tactic.
Sign up to access all features
Sign up with GoogleSign up with LinkedInAlready have an account? Log in
GetLatka is trusted by 200k+ founders, researchers, and marketers.
No contracts, cancel at any time