Application Security
Agile development’s cycle of deployments and patches generates ample opportunities for hackers looking for a way in. Application security must be strong, vigilant, and nimble. Read our insights.
Insights
Blog
Announcing The Forrester Wave™: Zero Trust Platforms, Q3 2025 — Choosing A Platform Solution For Your Zero Trust Journey
The latest edition of our Zero Trust platform vendor evaluation, The Forrester Wave™: Zero Trust Platforms, Q3 2025, published today. It highlights how this market continues to improve upon delivering unified solutions that help simplify and operationalize Zero Trust for organizations. Beginning with The Zero Trust Platforms Landscape, Q1 2025, we researched major players in […]
Blog
AWS re:Inforce 2025 — Heavy On User Experience Enhancements, Light On The GenAI Hype
This year's AWS re:Inforce event included a big announcement and revealed other security-related enhancements. Read our top takeaways.
Blog
Make No Mistake — Software Is a Supply Chain, And It’s Under Attack
Software is no longer just code written by a team of enterprise developers — it’s a complex, interconnected supply chain. And like any supply chain, the weakest link makes the entire chain vulnerable.
Blog
Sudo Coming To Windows? Pretty Much, Yeah
Windows 11 introduces a new security feature that separates admin and user roles, bringing a sudo-like experience to the desktop.
Blog
Software Composition Analysis Is The AppSec Hero We Deserve AND Need
Get three key insights to consider when purchasing or upgrading your software composition analysis software.
Blog
The State Of Application Security, 2025: Yes, AI Just Made It Harder To Do This Right
Our annual report on the state of application security is one of our favorites. We love digging into the data to see how priorities and adoption have changed. This year, the explosion of AI in applications and in-application development exacerbated existing trends and introduced new concerns. Here are some areas that got our attention. AI […]
Blog
RSAC Conference 2025: Innovation Sandbox Turns 20
RSAC Conference 2025 featured the 20th annual Innovation Sandbox competition. Learn more about the entrants and results in this review of the event.
Can Your Security Strategy Handle Today’s Volatility?
Economic turmoil, increased cyberattacks, and changing regulations. Learn new strategies for managing risk in an era of volatility.
Blog
RSAC Conference 2025: Welcome To The Petting Zoo
From live goats and puppies to robot dogs and animal costumes, the RSAC Conference 2025 delivered some unexpected surprises. But it also delivered the usual insight into various trends in the security market today. Find out more in this RSAC review.
Blog
Reduce, Reuse, Recycle! The US Government Applies The Concept To Software Coding
The US government’s SHARE IT Act became law in December 2024, requiring that all custom-developed software be accessed, shared, used, and modified governmentwide. By allowing any federal agency to access and use the code, the SHARE IT Act ensures that the investments in custom-developed software ($12 billion spent annually) are maximized, reducing the need for […]
Blog
Transforming Enterprise Business Apps With Powerful AI Ecosystems And Marketplaces
We can’t emphasize enough the importance of interconnected networks and ecosystems to the enterprise application software market. Industry cloud providers and hyperscalers possess several key advantages in nurturing and leading these innovation networks. So what does this acceleration of AI software and services on industry cloud and hyperscaler marketplaces mean? Well, it depends on the […]
Blog
Unveiling AI Risks In The Software Supply Chain
In the age of intelligent automation, enterprise business applications (EBAs) are increasingly embedding and integrating sophisticated AI agents to drive efficiency, insights, and innovation.
Blog
RSAC 2025 Early Stage Expo Preview: AppSec, IAM, GenAI, SecOps, And More
As we put together our game plan for what to see at RSA Conference 2025, we wanted to scope out innovation, identify which vendor booths will be a must-see, and (at least for one of us) minimize the number of steps to take around the Moscone Center.
Showcase Your Security & Risk Innovation With A Forrester Award
Get recognized for excellence in security, privacy, and risk innovation. Apply for a Forrester Security & Risk Enterprise Leadership Award to celebrate your success in creating resilient operations.
Blog
So There Won’t Be A Wiz IPO — What Does That Mean For Cyber IPOs In 2025?
Last week’s mega deal of Google acquiring CNAPP provider Wiz for $32 billion has some lamenting the future of IPOs in the cybersecurity space.
Blog
WAFs Are Now The Center Of Application Protection Suites
Although not a new technology by any stretch, web application firewall (WAF) solutions continue their evolution. Today, WAF solutions are cloud-based and protect applications and APIs in hybrid and multicloud environments. WAF solution vendors have expanded their remit to address API attacks and layer 7 DDoS and are working to integrate WAFs with bot management, […]
Blog
Google To Acquire CNAPP Specialist Unicorn Wiz For $32 Billion
Learn what the largest-ever acquisition in cybersecurity means both for Google and the CNAPP space.
Blog
Highlights And Implications Of Biden’s Executive Order On Strengthening And Promoting Innovation In The Nation’s Cybersecurity
Forrester's security and risk research team breaks down the key highlights and implications of former US President Joe Biden’s 2025 Executive Order (EO) 14144 on strengthening security, improving accountability for software and cloud service providers, and promoting innovation, including use of emerging technologies.
Blog
Are You Making These DevSecOps Mistakes? The Four Phases You Need To Know Before Your Code Becomes Your Vulnerability
Learn the four key phases of DevSecOps as well as some key best practices to jump-start your transformation in this preview of our upcoming Security & Risk Summit.
Blog
Announcing Forrester’s 2024 Security & Risk Enterprise Leadership Award Winner And Finalist
Learn more about the security strategies that helped Schneider Electric win this year’s Security & Risk Enterprise Leadership Award, which recognizes organizations that have transformed their security, privacy, and risk management functions.
Blog
The API Security Software Landscape, Q3 2024
While API discovery and policy enforcement have gained traction, it's time for companies to elevate their approach to API security maturity. Learn how to get started in this preview of a new report.
Blog
Retailers: Adopt Three Application Security Technologies Now
Three application security technologies are key for retailers to adopt before the holiday season.