Application Security

Agile development’s cycle of deployments and patches generates ample opportunities for hackers looking for a way in. Application security must be strong, vigilant, and nimble. Read our insights.


Insights

Blog

What To Know: A Retrospective Of 2023’s Top Breaches And Fines

Sandy Carielli February 28, 2024
After a retrospective review of the largest publicly reported breaches and privacy violations in 2023, here's what you need to know for 2024.
Blog

Lessons Learned From Another Year Of Sponsoring Women To Attend S&R Forum

Allie Mellen December 21, 2023
Learn three key lessons from our partnership with Women in Security and Privacy (WISP) in sponsoring attendees at our Security & Risk Forum.

Conquer Your GenAI Security, Risk & Privacy Fears

Watch our webinar to learn how security leaders can identify and manage enterprise genAI risk across models, APIs, and applications — and follow paths to secure, trusted adoption.

Blog

Predictions 2024: A Lethargic Enterprise Software Market Goes Cutting-Edge

Linda Ivy-Rosser October 30, 2023
In 2024, we’ll see SaaS sales hit 75%, genAI drive modernization efforts, and at least one vendor megadeal. Learn more in Forrester’s 2024 enterprise software predictions.
Blog

The CISO And CIO Microsoft Security Dilemma: Fend Off Or Learn To Love?

Jeff Pollard September 28, 2023
Should CISOs fend off Microsoft to keep their preferred products or embrace consolidation? Find out in this blog.
Blog

Serverless Functions Hold A Lot Of Promise … And Potential Security Flaws

Janet Worthington September 21, 2023
Full stack developers are concerned with accessibility, usability, reliability, scalability, and performance. So, who's responsible for the security of an application?
Webinar

Enhance Your Security Operations Practice With Agile And Detection Engineering

Get a deep dive on detection engineering in security operations. Hear Forrester advice on best practices and the use of detection-as-code.
Blog

Your Product Security Approach Must Evolve With Your Organization’s Technology Strategy

Sandy Carielli September 11, 2023
Learn how specific investment choices can support your security organization’s evolution and maturity.
Blog

Rubrik Acquires Laminar: Data Resilience And Security Join Forces

Heidi Shey August 22, 2023
As security threats increase, data protection and security practices continue to merge. Data resilience firm Rubrik recently announced its acquisition of Laminar, a data security posture management (DSPM) vendor. Together, they aim to enable consistent and unified data security posture visibility that spans on-premises and cloud-based environments. Modern Data Resilience Is Increasingly A Cybersecurity Issue […]
Blog

Seize The Opportunity: The Security & Risk Enterprise Leadership Award 2023

David Levine August 22, 2023
Last month, Forrester announced its inaugural Security & Risk Enterprise Leadership Award. As former CISOs, my Forrester colleague Brian Wrozek and I are sharing our thoughts about why you should apply. There are tangible benefits to you, your team, your organization, and the greater security community. You should apply — and apply now — for […]
Blog

Black Hat USA 2023: Insights From Our Short Vegas Residency

Jeff Pollard August 21, 2023
Black Hat has gone from being RSAC’s smaller tech and practitioner-focused cousin to being a commercial showcase for cybersecurity vendors. A tightly packed, noisy Business Hall included over 300 vendors and 400 organizations with booths, which was great for swag but bad for anyone with […]
Blog

Thales To Acquire Imperva: Building This Dream House Won’t Be Easy

Heidi Shey July 25, 2023
Thales announced its agreement to acquire Imperva from private equity firm Thoma Bravo for $3.6 billion, expecting to add $500 million of revenue and expand its data and application security offerings as a result. The overall cybersecurity portfolio will then be structured across three key areas: identity (Thales), data security (Thales and Imperva), and application […]
Blog

To Secure Kubernetes, Think Beyond Kubernetes

Sandy Carielli June 22, 2023
Kubernetes is the de facto standard for deploying and managing application workloads and containers. Lee has written quite a bit about the power of Kubernetes as an innovation platform, but while development and architecture teams are bullish on Kubernetes, security teams can find themselves scrambling to secure Kubernetes environments as they hurtle toward production. The […]

Strengthen Security Operations With Agile SecOps

Read this report to learn how to apply agile software development lifecycle (SDLC) practices to detection and response to create engineering-driven detection operations.

Blog

Announcing Forrester’s Security & Risk Enterprise Leadership Award

Stephanie Balaouras June 21, 2023
Forrester is thrilled to announce its inaugural Security & Risk Enterprise Leadership Award, which will recognize security organizations that have transformed the security, privacy, and risk management functions to fuel long-term success. Learn how to apply here.
Blog

Shift-Everywhere Is The Bullet Train To Secure Software

Janet Worthington June 20, 2023
Application security is in the spotlight with continued breaches due to the vast attack surface applications and their ecosystems provide.
Blog

Static Application Security Testing (SAST) Tools Evolve To Keep Pace With Modern Application Delivery

Janet Worthington June 13, 2023
We looked at the top 50 undergraduate computer science programs in the US and found that none require a secure coding or secure application design class. Although 18% did offer electives in secure coding or application security, it’s fair to say that teaching undergrads to develop secure code is not a top priority. Static application […]
Blog

The CNAPP Product Category is Getting Crowded With Capabilities

Andras Cser May 30, 2023
Learn four key reasons why the packaging of cloud-native application protection platforms into a bundle is unnecessary and possibly even misleading.
Blog

The World Lags With SBOM Requirements, But Likely Not For Long

Janet Worthington May 8, 2023
The US Executive Order on Improving the Nation’s Cybersecurity ignited an evolution in software supply-chain security that breaches such as the ones on SolarWinds and Colonial Pipeline fueled. Putting teeth behind the Executive Order, an Office of Management and Budget September 2022 memorandum allows agencies to request a software bill of materials (SBOM) from suppliers. […]

Learn How AI Can Be Used In Detection And Response

Watch this video for a reality check on what can (and can’t) be done with AI and security.

Blog

Protecting Against The Top Cybersecurity Threats In 2023 Requires A Balanced Approach

Brian Wrozek May 1, 2023
Get a preview of the top five cybersecurity threats — established and emerging — for this year and learn how to defend against each.
Blog

Avoid A Bot Waterloo

Sandy Carielli March 16, 2023
I don’t follow the Eurovision Song Contest closely, but I know that ABBA famously won decades ago with “Waterloo” and that a few other contest winners — Celine Dion, Måneskin — have achieved global success afterwards. This year, though, an article about Eurovision got my attention. It seems that tickets to the live Eurovision performances […]
Blog

Product Management And Security Collaboration Benefits More Than Product Security

Sandy Carielli March 14, 2023
As part of Forrester’s research into securing what you sell, we have long advocated for security leaders to overlay their own activities with the rest of the product team and to engage in the product lifecycle before the product has even been defined. Last year, we reached out to product management decision-makers to learn more […]