Application Security

Agile development’s cycle of deployments and patches generates ample opportunities for hackers looking for a way in. Application security must be strong, vigilant, and nimble. Read our insights.

Discover how Forrester supports technology executives.

Insights

Blog

Serverless Functions Hold A Lot Of Promise … And Potential Security Flaws

Janet Worthington 2 days ago
A full-stack developer must program in HTML/CSS and JavaScript as well as be responsible for back-end development of sever-side processes for data storage and retrieval, business logic tasks, authentication, and integration with third-party APIs in programming languages such as Go, .NET, Java, Rust, and Node.js. In addition, full-stack engineers must be knowledgeable about development and […]
Webinar

How To Enhance Your Security Operations Practice With Agile And Detection Engineering

Join us on Sept. 27 for a deep dive on detection engineering in security operations. Hear Forrester advice on best practices and the use of detection–as–code. 

Stay Ahead of Threats with These Cutting-Edge Detection Engineering Practices

Join us on Sept. 27 for a live webinar to learn how to enhance your security operations practice with agile and detection engineering practices.

Blog

Your Product Security Approach Must Evolve With Your Organization’s Technology Strategy

Sandy Carielli September 11, 2023
Learn how specific investment choices can support your security organization’s evolution and maturity.
Blog

Rubrik Acquires Laminar: Data Resilience And Security Join Forces

Heidi Shey August 22, 2023
As security threats increase, data protection and security practices continue to merge. Data resilience firm Rubrik recently announced its acquisition of Laminar, a data security posture management (DSPM) vendor. Together, they aim to enable consistent and unified data security posture visibility that spans on-premises and cloud-based environments. Modern Data Resilience Is Increasingly A Cybersecurity Issue […]
Blog

Seize The Opportunity: The Security & Risk Enterprise Leadership Award 2023

David Levine August 22, 2023
Last month, Forrester announced its inaugural Security & Risk Enterprise Leadership Award. As former CISOs, my Forrester colleague Brian Wrozek and I are sharing our thoughts about why you should apply. There are tangible benefits to you, your team, your organization, and the greater security community. You should apply — and apply now — for […]
Blog

Black Hat USA 2023: Insights From Our Short Vegas Residency

Jeff Pollard August 21, 2023
Black Hat USA 2023: Insights From Our Short Vegas Residency Black Hat has gone from being RSAC’s smaller tech and practitioner-focused cousin to being a commercial showcase for cybersecurity vendors. A tightly packed, noisy Business Hall included over 300 vendors and 400 organizations with booths, which was great for swag but bad for anyone with […]
Blog

Thales To Acquire Imperva: Building This Dream House Won’t Be Easy

Heidi Shey July 25, 2023
Thales announced its agreement to acquire Imperva from private equity firm Thoma Bravo for $3.6 billion, expecting to add $500 million of revenue and expand its data and application security offerings as a result. The overall cybersecurity portfolio will then be structured across three key areas: identity (Thales), data security (Thales and Imperva), and application […]

Strenthen Security Operations With Agile SecOps

Read this report to learn how to apply agile software development lifecycle practices (SDLC) to detection and response to create engineering-driven detection operations.

Blog

To Secure Kubernetes, Think Beyond Kubernetes

Sandy Carielli June 22, 2023
Kubernetes is the de facto standard for deploying and managing application workloads and containers. Lee has written quite a bit about the power of Kubernetes as an innovation platform, but while development and architecture teams are bullish on Kubernetes, security teams can find themselves scrambling to secure Kubernetes environments as they hurtle toward production. The […]
Blog

Announcing Forrester’s Security & Risk Enterprise Leadership Award

Stephanie Balaouras June 21, 2023
Forrester is thrilled to announce its inaugural Security & Risk Enterprise Leadership Award, which will recognize security organizations that have transformed the security, privacy, and risk management functions to fuel long-term success. Learn how to apply here.
Blog

Shift-Everywhere Is The Bullet Train To Secure Software

Janet Worthington June 20, 2023
Application security is in the spotlight with continued breaches due to the vast attack surface applications and their ecosystems provide.
Blog

Static Application Security Testing (SAST) Tools Evolve To Keep Pace With Modern Application Delivery

Janet Worthington June 13, 2023
We looked at the top 50 undergraduate computer science programs in the US and found that none require a secure coding or secure application design class. Although 18% did offer electives in secure coding or application security, it’s fair to say that teaching undergrads to develop secure code is not a top priority. Static application […]
Blog

The CNAPP Product Category is Getting Crowded With Capabilities

Andras Cser May 30, 2023
Learn four key reasons why the packaging of cloud-native application protection platforms into a bundle is unnecessary and possibly even misleading.

Don't Get Misled By Unrealistic AI And Security Expectations

Learn the truth behind ML’s madness, how AI and security (really) work in detection and response, and red-flag claims to avoid.

Blog

The World Lags With SBOM Requirements, But Likely Not For Long

Janet Worthington May 8, 2023
The US Executive Order on Improving the Nation’s Cybersecurity ignited an evolution in software supply-chain security that breaches such as the ones on SolarWinds and Colonial Pipeline fueled. Putting teeth behind the Executive Order, an Office of Management and Budget September 2022 memorandum allows agencies to request a software bill of materials (SBOM) from suppliers. […]
Blog

Protecting Against The Top Cybersecurity Threats In 2023 Requires A Balanced Approach

Brian Wrozek May 1, 2023
Get a preview of the top five cybersecurity threats — established and emerging — for this year and learn how to defend against each.
Blog

Avoid A Bot Waterloo

Sandy Carielli March 16, 2023
I don’t follow the Eurovision Song Contest closely, but I know that ABBA famously won decades ago with “Waterloo” and that a few other contest winners — Celine Dion, Måneskin — have achieved global success afterwards. This year, though, an article about Eurovision got my attention. It seems that tickets to the live Eurovision performances […]
Blog

Product Management And Security Collaboration Benefits More Than Product Security

Sandy Carielli March 14, 2023
As part of Forrester’s research into securing what you sell, we have long advocated for security leaders to overlay their own activities with the rest of the product team and to engage in the product lifecycle before the product has even been defined. Last year, we reached out to product management decision-makers to learn more […]
Blog

2023 Security Recommendations: Protect Your Ass(ets) And Lawyer Up

Jeff Pollard March 6, 2023
Forrester recently published Top Recommendations For Your Security Program, 2023 for CISOs and other senior cybersecurity and technology leaders. This year’s overarching theme involves protection (as you might expect) — but not exactly in the way you’d think in the context of security. In 2023, our recommendations fall into three major strategic themes for security […]

Seven Steps To Bolstering Network Security With Zero Trust Edge

Watch this video to break down vendor ZTE hype and learn how to implement it across all endpoints in an enteprisewide networking fabric.

Blog

Get A Head Start On The National Cybersecurity Strategy

Jeff Pollard March 2, 2023
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.
Blog

When It Comes To Zero Trust, Nobody Puts Appsec In A Corner

Sandy Carielli February 22, 2023
Zero Trust has seen an increase in adoption over the past few years — Forrester’s Security Survey, 2022, shows that 83% of global large enterprises are reporting that senior leadership has committed their organizations to the adoption of Zero Trust. Aspects of the Zero Trust model continue to be misunderstood, however. The industry is still […]
Blog

Responding To The Cybersecurity Signal In The Sky, A Hero Steps Out Of The Shadows: Software Composition Analysis

Janet Worthington February 2, 2023
Software composition analysis (SCA) has lived for many years in the shadow of static application security testing (SAST) and dynamic application security testing (DAST) tools that have commanded bigger budgets, stakeholder attention, and vendor competition. This changed in May of 2021 when President Biden called on the public and private sector to secure the US […]
More posts