Sandy Carielli

Principal Analyst

Forrester Bio

Author Insights

Blog

The Power And The Peril Of APIs

Sandy Carielli 4 days ago
Every time we come up with new ways to build and deploy applications, we also come up with new ways to break them. Did SQL make it easier to access and manipulate large amounts of structured data? You bet, and it also led to SQL injection. Ready to join the cloud? Hope you didn’t put […]

Twenty Technologies Underpin Application Security

Sandy Carielli October 9, 2020
When I was working at @stake in the early 2000s, most of my client engagements were in application security. I did a number of code reviews that involved people handing me stacks of paper to go through. “Grep” was an important security tool. When I was involved in application penetration tests, we used a combination […]

Low-Code Development Requires A Security Rethink

Sandy Carielli July 31, 2020
Low-code platforms speed delivery of applications, but are they secure? The answer is more complicated than I expected when I started this research project with my colleagues, John Bratincevic and John R. Rymer. We’re still gathering information, but we’ve discovered that: Low-code security is not well understood. Even vendors with extensive security investments acknowledged that […]

Container Adoption Is On The Rise: How Can Security Keep Up?

Sandy Carielli July 24, 2020
Adopting containers has become increasingly popular — consider that, as of 2019, 33% of global developers indicated that their development organizations currently use containers, and another 25% said they want to do so over the next 12 months. These numbers are not surprising when we consider the value containers offer, such as scalability, agility, and […]

Developer Security Champions Are Needed Now More Than Ever

Sandy Carielli June 12, 2020
In an era of budget cuts and staff reductions, can your organization propose a new security program? Analyst Sandy Carielli provides answers.

Some Good News About Application Security

Sandy Carielli May 4, 2020
In my new report, “The State Of Application Security, 2020,” some of the trends are . . . kind of discouraging. Applications remain the most popular attack vector, open source continues to infect everything, and too many industries are not investing in the application security controls they need. But you’re probably tired of reading bad […]

Security Recommendations 2020: What To Focus On

Sandy Carielli April 27, 2020
Our team of security and risk analysts spent the past few months brainstorming and curating tactical and strategic advice designed to improve your security programs for 2020 and beyond . . . and then along came the COVID-19 global pandemic. In the midst of this, firms are undergoing a shuffle of priorities to accommodate a […]

The Web Application Firewall Market Is Ripe For Disruption

Sandy Carielli March 2, 2020
Let’s face it: Web application firewalls (WAFs) rarely excite the security imagination. WAFs have been ubiquitous for at least 15 years and play an important role in detecting and blocking OWASP Top 10 application level attacks like SQL injection and cross-site scripting. WAFs are table stakes in any environment, but they suffer from the perception […]

The Road To RSA Conference 2020: What Am I Looking For?

Sandy Carielli February 17, 2020
Attending RSA Conference is like being at a giant class reunion where everyone still has homework to do. Catching up with old friends working at new companies is great (and it usually starts at the airport), but most of us work hard during the week. Depending on where I worked, I have spent previous conferences […]

Leverage Bot Management To Enforce Ethical Data Use

Sandy Carielli February 7, 2020
There are good bot uses and there are bad ones. If your business is collecting customer data or images, you have a responsibility to guard against web-scraping bad bots. Learn how.

As Bad Bots Evolve, Bot Management Solutions Evolve To Fight Them

Sandy Carielli January 29, 2020
One of my favorite things about covering the bot management market is that bots are not just a security issue. Sure, it’s common for bots to conduct credential stuffing attacks with a bunch of stolen usernames and passwords, but that just scratches the surface of the bot problem. Attackers also use bots to perform reconnaissance […]

The WAF-Bot Management Acquisition Waltz

Sandy Carielli December 31, 2019
With F5 Networks buying itself a $1 billion Christmas present in Shape Security, it’s a good time to review the state of the bot management market. The Shape Security sale caps off a year of bot management acquisitions by web application firewall (WAF) vendors. In January, Radware announced that it had acquired ShieldSquare, and in […]

Retailers, Don’t Let Grinchy Bots Ruin Your Holiday Season

Sandy Carielli October 31, 2019
Bot traffic can eat into profits and sabotage customer experiences. Learn how to play defense.

Browser-Based Attacks, Our Customers, And Us

Sandy Carielli October 21, 2019
Browser-based attacks are particularly frustrating because they directly affect your customers. Learn what attackers are doing and how to minimize the risk.