A few words about Gartner’s “Magic Quadrant for Application Security Testing” 2018

February and March are the hot months for marketing reports. I have already written about the IDC and Forrester reports on Vulnerability Management-related markets. And this Monday, March 19, Gartner released a new “Magic Quadrant for Application Security Testing”. You can buy it on the official website for $1,995.00 USD or download it for free from the vendors’ sites, for example, Synopsys or Positive Technologies. Thank you, dear vendors, for this opportunity!
I’m not an expert in Application Security. I am more into Device Vulnerability Assessment (IDC term) or Vulnerability Management. However, these fields are related. And well-known Vulnerability Management vendors often have products or functionality for Web Application scanning and Source Code analysis as well. Just see Qualys, Rapid7 and Positive Technologies in the picture!
I have already mentioned in previous posts that grouping products into marketing niches is a rather mysterious process for me. For example, Gartner’s AST niche is for SAST, DAST and IAST products:
- SAST is for source code or binary analysis
- DAST is basically black-box scanning of deployed applications. It can also be called WAS (Web Application Scanning)
- IAST is a kind of analysis that requires an agent in the test runtime environment. IMHO, this thing is still pretty exotic.
As you can see, these are very different areas. But the market is the same: AST.