Agile development’s cycle of deployments and patches generates ample opportunities for hackers looking for a way in. Application security must be strong, vigilant, and nimble. Read our insights.
Avoid A Bot Waterloo
I don’t follow the Eurovision Song Contest closely, but I know that ABBA famously won decades ago with “Waterloo” and that a few other contest winners — Celine Dion, Måneskin — have achieved global success afterwards. This year, though, an article about Eurovision got my attention. It seems that tickets to the live Eurovision performances […]
Product Management And Security Collaboration Benefits More Than Product Security
As part of Forrester’s research into securing what you sell, we have long advocated for security leaders to overlay their own activities with the rest of the product team and to engage in the product lifecycle before the product has even been defined. Last year, we reached out to product management decision-makers to learn more […]
Shape Your 2023 Cybersecurity Priorities For Uncertain Times
Join us for a planning webinar to learn how you can budget and align your 2023 cybersecurity plans for what’s ahead.
2023 Security Recommendations: Protect Your Ass(ets) And Lawyer Up
Forrester recently published Top Recommendations For Your Security Program, 2023 for CISOs and other senior cybersecurity and technology leaders. This year’s overarching theme involves protection (as you might expect) — but not exactly in the way you’d think in the context of security. In 2023, our recommendations fall into three major strategic themes for security […]
Get A Head Start On The National Cybersecurity Strategy
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare for the implications of the National Cybersecurity Strategy.
When It Comes To Zero Trust, Nobody Puts Appsec In A Corner
Zero Trust has seen an increase in adoption over the past few years — Forrester’s Security Survey, 2022, shows that 83% of global large enterprises are reporting that senior leadership has committed their organizations to the adoption of Zero Trust. Aspects of the Zero Trust model continue to be misunderstood, however. The industry is still […]
Responding To The Cybersecurity Signal In The Sky, A Hero Steps Out Of The Shadows: Software Composition Analysis
Software composition analysis (SCA) has lived for many years in the shadow of static application security testing (SAST) and dynamic application security testing (DAST) tools that have commanded bigger budgets, stakeholder attention, and vendor competition. This changed in May of 2021 when President Biden called on the public and private sector to secure the US […]
Ringing In The New Year With Minimum Viable Security
Learn the benefits of implementing a minimum viable security strategy and get some clear next steps on putting it into practice at your organization.
Not So Fast — Mind QR Code Risks, Or Get Ready For Damage Control
In December 2022, a scammer in California worked up fake parking tickets with QR codes on them, directing citizens to a phishing site collecting payment card information — just one of many such recent QR code-related scams. Though QR code use surged in popularity during the COVID-19 pandemic because of customer desire for touchless interactions, QR-code risk management is not maturing at the same rate as adoption.
Predictions 2023: Security Pros Face Greater Internal Risks
On top of the usual challenges, in 2023, security pros will see more risk coming from internal forces, such as enabling anywhere work and the future of the office. Learn more in our 2023 predictions.
Turn Away The Bots, Not Your Customers
Bot management solutions today offer a wide array of options. To know the right choice for your retail organization, know your customers.
In The Mature WAF Market, Product Offerings Continue To Expand
At first glance, the web application firewall (WAF) market — populated by longtime vendors with robust partner programs, extensive supporting services, and a slew of customer engagement opportunities — may seem like a space that has topped out. However, changes in how organizations develop and deploy applications — more hybrid cloud, more APIs, more […]
Shape Your 2023 Cybersecurity Priorities For Uncertain Times
As 2023 approaches, security leaders are hard at work planning for the cybersecurity trends headed our way – setting budgets, developing plans, and establishing priorities. Is your plan on track?
We Are Living In A Serverless World
In that world, security concerns remain. Here's what leaders and teams need to know.
School Is In Session, But AppSec Is Still On Vacation
The pandemic accelerated organizations’ move to digital work, and the market responded to the increased demand. New applications and features were built, deployed, and released at a rate that previously would not have seemed possible. In Forrester’s Developer Survey, 2022, 67% of developers said they release incremental software changes into production at least monthly, and […]
New Security & Risk Planning Guide Helps CISOs Set 2023 Priorities
Which security technologies should be getting the investment in 2023, and which ones should you be scaling back on? Read a few key takeaways from our planning guide for security and risk leaders.
Vulnerability Programs Must Regain Trust To Inspire Action
Is using CVSS scores for risk prioritization leading to misalignment and even mistrust in your organization? Find out in this Security & Risk event session preview.
PerimeterX Keeps It HUMAN
In a stunner this morning, HUMAN announced that it would merge with bot management rival PerimeterX (keeping the HUMAN name for the combined company). While we have seen some web application firewall (WAF) vendors acquire bot management capabilities (F5 and Shape, Imperva and Distil), seeing two bot management vendors join forces may raise some eyebrows. […]
The Interminable Wait: The NIST Post-Quantum Competition
While we wait to learn the winners, here's a bit of history.
Déjà Vu As Synopsys Buys DAST
Synopsys announced its intention to acquire WhiteHat from NTT for $330 million in cash. WhiteHat was acquired by the Japanese telecommunications provider NTT back in 2019. The subsidiary was later rebranded to NTT Application Security. In the press release, Synopsys emphasized the strength of the WhiteHat brand, its dynamic application security testing (DAST) offering, and […]
Meet The New Analyst Covering Vulnerability Risk Management: Erik Nost
What Topics Will You Be Covering at Forrester? I am very excited to be covering vulnerability risk management (VRM) at Forrester, including threat modeling and management and penetration testing. Some of the areas in VRM that I hope to explore include: Vulnerability risk prioritization, especially with new “zero days” hitting at what seems like every […]