Website and Web Application Security trend ongoing will be the eye catching title since it keep changing along the year, you are make a new one with the year said “Website and Web Application Security trend 2018”, “Website and Web Application Security trend 2019”, and it will continue to be topic people want to read and know what is going on, in particular you are involve in the working or deliver services relate to that. From the last quarter of Q2 of 2018, we notice lot of changes in the website and web application security domain.
First of the surprise, the longly promoting for the DevSecOps initiative in our end finally be the main stream, and it become one of the criteria Magic Gartner is used to filter the market player. Because of this, those pure single application security testing (AST) technology player, said either focus on pure dynamic application security testing (DAST) is mostly take out from the Magic Gartner report on application security report for 2018.
For some, the Magic Gartner report may not be the only mean use for the product adoption guideline, but it useful for knowing what is going on for the global scale. The report continue to see missing for some local or regional product listed in the report without surprise.
For those who used to be listed and then from this year onward delisting due to changing of the criteria, is coming without surprise too.
E-SPIN in the application security market since 2005, see lot of changes, take over, merger and product from being the best to obsolete, and the application security technology market keep evolving, where DevSecOps be the one of the important criteria.
Pure automated dynamic application security testing (DAST) may had the challenge to cope with the modern application where built in defense mechanism, despite can still use for scanning, but may or may not provide the full vulnerability and risk exposure detection. We notice for the market sudden come out with so many “me-too” product as well. For some player cross the domain by take over existing product and start compete with other player in application security, where in the past they are not brother at all.
In the another hand, used to be developer focus static application security testing (SAST) tool is sudden in the hot demand for the operation and IT security team, due to dynamic application security testing (DAST) is become less relevant or capable for detect accurate vulnerability and risk exposure for the operation.
Development team is also under the pressure for Secure Development and DevSecOps initiative, required 100x faster cycle time for build, release, maintain the application in concern. The beauty for DevSecOps ready application security testing (AST) will be the rising star and where the future be.
You will notice also some of the mid and niche player discontinue unlimited web scanner engine, and enforcing their customer licensing base on how many website or URL require just like the premium tool.
Feel free to engage E-SPIN and let us know your operation challenges and requirement, we will work together with yours for the requirement and technology fit solution.