Published: 17 May 2023
Summary
Evolving application portfolios are diverse and increasingly demand a more complex mix of application security testing capabilities. Security and risk management leaders should identify the optimal mix of functionality required, and those vendors best positioned to fully address their needs.
Included in Full Research
Overview
Key Findings
Static analysis and software composition analysis have become the de facto standards for application security testing (AST) in all kinds of organizations. Other specialized types of AST are then routinely added, based on the needs of security and development teams and the nature of their application portfolios.
In a majority of cases, development and engineering teams have primary responsibility for the security of the applications they develop, while security teams have begun to shift toward oversight and risk management roles.
Attacks against the software supply chain, coupled with regulatory mandates, have begun to prompt organizations to incorporate protections
- Checkmarx
- Contrast Security
- GitHub
- GitLab
- HCLSoftware
- Mend.io
- Onapsis
- OpenText
- Snyk
- Sonatype
- Synopsys
- Veracode
- Static AST
- Software Composition Analysis
- Dynamic AST
- Interactive AST
- Mobile AST
- API Testing and Discovery
- Software Supply Chain Security
- Application Security Posture Mgmt.
- Infrastructure as Code
- Container Security Scanning
- Fuzzing
- Developer Enablement
- Enterprise
- Mobile and Client
- Software Supply Chain Security
- DevSecOps
- Cloud-Native Applications
Gartner Recommended Reading
Critical Capabilities Methodology