Application Security

Agile development’s cycle of deployments and patches generates ample opportunities for hackers looking for a way in. Application security must be strong, vigilant, and nimble. Read our insights.


Insights

Blog

The Five Things Your Mobile Development Team Needs To Know About The Ecosystem

Andrew Cornwall October 5, 2021
A few years ago, you had a big system if you had a thousand simultaneous users. Today, it means you have a moderately successful app or website. Your users place additional demands on your ecosystem now — in large part due to the limitations of the mobile devices they have. What does this mean for […]
Blog

The Application Security Market Will Grow To $12.9 Billion By 2025

Sandy Carielli September 23, 2021
Application security budgets are on the rise. Find out which sectors of the market will see the most dramatic investment and why.
Blog

Our Take On The Microsoft Power Apps Portals Data Leak

John Bratincevic September 1, 2021
In light of the recent Power Apps portals data leak, learn three key points about the security of low-code platforms.
Blog

European Security Leaders Must Invest In AppSec To Catch Up With Their Peers Across The Globe

Sandy Carielli August 31, 2021
Like the rest of the world, European firms have been forced to pivot to digital experiences in the last year, even, as in the case of Italian luxury goods businesses, when digital went against long-standing cultural norms. As their firms pivot, European security leaders would do well to remember that vulnerable web applications are a […]
Blog

SCA Vendors Are Leading The Way On Diversity, Equity, And Inclusion

Sandy Carielli August 31, 2021
It’s no secret that the security industry has a DEI problem. Yes, I just linked to six different articles or social media posts supporting that point, and I’ve barely scratched the surface. My colleagues, Jinan Budge, Jess Burn, Allie Mellen, and Alla Valente, authored a blog about gender bias in the security industry last month, […]
Blog

Software Composition Analysis Is A Core Tool To Protect Your Software Supply Chain

Sandy Carielli August 18, 2021
Over the past year, breaches such as SolarWinds and Kaseya have woken us up to the realities of software supply chain risk. Whether through infiltrating the software delivery pipeline, deliberately uploading malicious components to popular repositories, or taking advantage of existing vulnerabilities in open source components, attackers are leveraging gaps in supply chain controls to […]
Blog

Invest Now: Your Interoperability Strategy Will Drive Patient Outcomes

Natalie Schibell July 7, 2021
“The first wealth is health.” — Ralph Waldo Emerson These words of perennial wisdom are a compelling reminder that public health is the bedrock for constructing a prosperous economy and nation. This very philosophy beckoned me to the healthcare field as a student and public health professional for the past two decades. My name is […]
Blog

Reflecting On KubeCon 2021

Brent Ellis May 7, 2021
Kubernetes has made a huge impact on how businesses deploy applications and how they adopt cloud. This year’s KubeCon + CloudNativeCon Europe 2021 virtual agenda was very broad, touching almost every aspect of both developer and operations journeys. As Lee Sustar noted in his blog earlier this week, Kubernetes is being used in a variety […]
Blog

It’s Time For E-Commerce And Security Pros To Collaborate To Combat Bot Fraud

Sandy Carielli May 6, 2021
Bots are bigger than the security team. Conversations with security professionals concerned about bots often start with credential stuffing attacks, but the bot landscape is much broader and can directly impact your top line. Even the defenses have business impacts: A bot management solution that slows down traffic on the biggest shopping day of the […]
Blog

Make Application Security A Top Priority

Sandy Carielli March 23, 2021
When we launched the most recent Forrester Analytics Business Technographics® Security Survey, it was summer of 2020. We’d been in quarantine for about three months, and firms had long since realized that they needed to digitally transform their businesses (and fast) in order to survive the new normal. That meant a lot of application development, as […]
Blog

Just In Time, The SAST Market Has Embraced The Developer

Sandy Carielli January 11, 2021
The classical challenge with static application security testing (SAST) was bridging the gap between security and development. In SAST’s early days, it was a tool for security pros, who threw the results of prerelease scans over the wall to developers to fix. Developers had to contend with large numbers of unclear findings and false positives, […]
Blog

It’s Likely You Already Have Low-Code Developers — Get Them Into Your Security Neighborhood

Sandy Carielli January 4, 2021
Security pros should work to integrate security into the developer experience to ensure customer-facing applications are secure. Consider these three points to get started.
Blog

Bots Kept Jeff From Buying A PS5, And Sandy Had To Hear About It

Sandy Carielli November 18, 2020
It’s not that I’m not a gamer. I enjoy board games and card games: Trivial Pursuit, Settlers of Catan, SET, Hive. I’m up to level 3056 in Two Dots. As a kid, I played Super Mario Land on my brother’s Game Boy and Sonic the Hedgehog on the family Sega Genesis. But I’ve never been […]
Blog

Thinking Ransomware Defense: Air Gaps?

Naveen Chhabra October 29, 2020
Air Gaps Aren’t Effective; Scratch Them From Your List . . . The number of companies falling victim to ransomware attacks continues to grow each day. Ransomware inflicts extreme pain, leading to business closure or significant business disruptions. Vendors are developing technology architectures and approaches to solve for these challenges. Each technology and approach has […]
Blog

The Power And The Peril Of APIs

Sandy Carielli October 22, 2020
Every time we come up with new ways to build and deploy applications, we also come up with new ways to break them. Did SQL make it easier to access and manipulate large amounts of structured data? You bet, and it also led to SQL injection. Ready to join the cloud? Hope you didn’t put […]
Blog

Twenty Technologies Underpin Application Security

Sandy Carielli October 9, 2020
When I was working at @stake in the early 2000s, most of my client engagements were in application security. I did a number of code reviews that involved people handing me stacks of paper to go through. “Grep” was an important security tool. When I was involved in application penetration tests, we used a combination […]
Blog

The Security Snapshot: Improving Your Security Posture During A Global Crisis

Joseph Blankenship August 24, 2020
The COVID-19 global pandemic was top of mind for security leaders (and everyone else) during the second quarter of 2020. Forrester’s security and risk (S&R) team focused on pandemic recovery and looked at myriad ways to renew your security program and give it new life — from the development of talent and the future of […]
Blog

There’s A Growing Blind Spot For Your Security Team During The Pandemic — IoT Devices

Christopher Sherman August 10, 2020
Although businesses may not be able to dictate what devices employees keep on their home networks, there are still many options available to IT departments to protect company assets.
Blog

Low-Code Development Requires A Security Rethink

Sandy Carielli July 31, 2020
Low-code platforms speed delivery of applications, but are they secure? The answer is more complicated than I expected when I started this research project with my colleagues, John Bratincevic and John R. Rymer. We’re still gathering information, but we’ve discovered that: Low-code security is not well understood. Even vendors with extensive security investments acknowledged that […]
Video

Build Advocacy, Support, And Budget For Your Zero Trust Vision

Jinan Budge June 23, 2020
