Once a month I use my blog to highlight some of S&R’s most recent and trending research. This month I’m focusing on application security and asking for your help with some of our upcoming research into the security and privacy risks associated with the Internet of Things (IoT). IoT is any technology that enables devices, objects, and infrastructure to interact with monitoring, analytics, and control systems over the Internet. The illustrious and debonair Tyler Shields (@txs) will lead our research into IoT security, but as the risks become more and more concrete for various verticals, you can expect the entire team to engage in this research.

Take our IoT security survey and talk with our analysts! If you contribute to the emerging IoT market, please fill out this brief survey (http://forr.com/2015-IoT-Security-Survey). Participants will receive a complimentary copy of the completed research report and we'd be happy to interview anyone who would like to discuss IoT and security in detail. Be sure to reach out to Tyler (tshields@forrester.com) or Jennie Duong (jduong@forrester.com) if you’re interested.

Now back to application security. When I talk with CISOs and ask them to identify some of their biggest areas of weakness, application security, identity and access management, and incident management and forensics usually top the list. Yet despite the importance of application security, the solutions in this space have been stagnant during the past five or six years. But this is all set to change. As we highlighted in our recent Top 11 Trends S&R Pros Should Watch: 2015 report, beginning now, we expect vendors in this space, primarily through partnerships and acquisitions, to expand their traditional portfolios beyond static application security testing (SAST) and dynamic application security testing (DAST). The goal? Offer a one-stop shop for most of your application security technology needs. Want to know more about the latest in application security? Read on:

  • First, Tyler identified the 10 most important technologies that affect the current and future state of application security in his TechRadar™: Application Security, Q2 2015. Read this report to understand the trajectory, operational use cases, and the required investment for fuzz testing, secure design, web application firewall, application hardening, software composition analysis, penetration testing, dynamic application security testing, static application security testing, manual penetration testing and consulting services.
  • Next, be sure to pick the best partner for your application security testing needs. Tyler also recently published The Forrester Wave™: Application Security, Q4 2014. He used Forrester’s 82-criteria evaluation to see how Beyond Security, Checkmarx, Contrast Security, Coverity, HP Fortify, IBM, Qualys, Quotium, Trend Micro, Veracode, Virtual Forge, and WhiteHat Security stack up against each other.
  • Still not convinced? Tyler, Kelley, and Rick collaborated on Quick Take: Rapid7 Pushes Into Application Security With Its NT Objectives Acquisition to analyze the implications of Rapid7’s recent acquisition of NT Objectives. Read the full report to see how Rapid7’s actions will affect their success, their competitors, and the rest of the security market.