When people think of application security technologies, they think SAST, DAST, WAF, and maybe SCA. These technologies have served us well thus far, but they are not without limitations. In this day and age where rapid release, continuous integration and testing, polyglot programming, microservices architectures, devops practices and cloud deployment, they are showing their age. Over the past couple of years, we have started to see the emergence of a new breed of application security technologies, namely Runtime Application Self Protection (RASP) and Interactive Application Security Testing (IAST). However, both of these technologies are very new, and different vendors have taken very different implementations, resulting in highly different capabilities. Come and understand what the state of the art is in AppSec Testing, what each next generation technology offers in terms of solutions, what the benefits of each approach is, and what limitations and constraints they come with. At the end of the talk, you’ll be able to see through all the marketing and better understand the benefits of each approach to your organization.