Roughly a year and a half ago I began a process of measuring the importance of technologies in the mobile security space. I'm currently beginning that same process for the application security market. Many technologies exist that provide business value to enterprises for the security of their applications, but which ones are better at delivering on the business value that the enterprise really wants? Have any of these technologies outlived their usefulness, falling to innovation and new ideas? Which technologies should the enterprise prioritize spending their limited security budget on? I hope to answer these questions and more!
I've identified nine distinct application security technologies that make up the application security market. (Link to additional details!). I'm sure there are technologies that I've missed and arguments to be made to remove something. As always, my research is significantly improved with your help!
If you are interested in participating in this research or have feedback on the technology list, respond via this web form, in the comments below, or via email / tweet to firstname.lastname@example.org (@txs).
|Web application firewall (WAF)|
(Runtime, Instrumented, Interactive)
|Manual Application Penetration Testing and Application Consulting Services|
|Penetration Testing Tools|
|Fuzz Testing Tools|
|Software Composition Analysis|