Combine static and dynamic testing approaches. IAST instruments the application from within the runtime to detect vulnerabilities as QA or automated tests traverse the app.