application security

Agile development’s cycle of deployments and patches generates ample opportunities for hackers looking for a way in. Application security must be strong, vigilant, and nimble. Read our insights.

Insights

Blog

The Security Snapshot: Embracing The New Norm

Merritt Maxim May 14, 2020
Our security analysts provide guidance for managing security and risk during the coronavirus pandemic.

Some Good News About Application Security

Sandy Carielli May 4, 2020
In my new report, “The State Of Application Security, 2020,” some of the trends are . . . kind of discouraging. Applications remain the most popular attack vector, open source continues to infect everything, and too many industries are not investing in the application security controls they need. But you’re probably tired of reading bad […]

How Do We Measure Success In The Modern Hybrid World?

Rich Lane April 7, 2020
Companies are refreshing metrics across application security, content management, customer relationship management, DevOps, loyalty, networking, vulnerability risk management, etc. But what does this look like for infrastructure and operations (I&O) teams? Many metrics that IT uses date back at least 20 years. Common metrics include mean time to repair (MTTR), customer satisfaction, tickets by status, […]

The Web Application Firewall Market Is Ripe For Disruption

Sandy Carielli March 2, 2020
Let’s face it: Web application firewalls (WAFs) rarely excite the security imagination. WAFs have been ubiquitous for at least 15 years and play an important role in detecting and blocking OWASP Top 10 application level attacks like SQL injection and cross-site scripting. WAFs are table stakes in any environment, but they suffer from the perception […]

Leverage Bot Management To Enforce Ethical Data Use

Sandy Carielli February 7, 2020
There are good bot uses and there are bad ones. If your business is collecting customer data or images, you have a responsibility to guard against the web scraping bad bots. Learn how.

As Bad Bots Evolve, Bot Management Solutions Evolve To Fight Them

Sandy Carielli January 29, 2020
One of my favorite things about covering the bot management market is that bots are not just a security issue. Sure, it’s common for bots to conduct credential stuffing attacks with a bunch of stolen usernames and passwords, but that just scratches the surface of the bot problem. Attackers also use bots to perform reconnaissance […]

A CISO’s Guide To Leading Change

Jinan Budge January 21, 2020
5 ways security chiefs can use internal politics to their advantage.

The WAF-Bot Management Acquisition Waltz

Sandy Carielli December 31, 2019
With F5 Networks buying itself a $1 billion Christmas present in Shape Security, it’s a good time to review the state of the bot management market. The Shape Security sale caps off a year of bot management acquisitions by web application firewall (WAF) vendors. In January, Radware announced that it had acquired ShieldSquare, and in […]

Decade Retrospective: Cybersecurity From 2010 To 2019

Jeff Pollard December 17, 2019
From the Intel-McAfee deal to the Sony Pictures breach, VP and Principal Analyst Jeff Pollard reviews the past decade’s cybersecurity highlights and lowlights.

Research Announcement: The Forrester Wave™: European Cybersecurity Consulting Providers, Q4 2019

Paul McKay October 31, 2019
Today, my inaugural evaluation of the European consulting services provider market published, as I write this blog from the city of Barcelona. Along with “The Forrester Wave™: Cybersecurity Consulting Services In Asia Pacific, Q4 2019,” which published yesterday (see here), this marks the first time that we have explicitly assessed the European security consulting services […]

Retailers, Don’t Let Grinchy Bots Ruin Your Holiday Season

Sandy Carielli October 31, 2019
Bot traffic can eat into profits and sabotage customer experiences. Learn how to play defense.

Browser-Based Attacks, Our Customers, And Us

Sandy Carielli October 21, 2019
Browser-based attacks are particularly frustrating because they directly affect your customers. Learn what attackers are doing and how to minimize the risk.

Five Key Resources For Cybersecurity Awareness Month

David Holmes October 17, 2019
Get five new resources for cybersecurity threat management in your enterprise.

A Typical Day Of Analyst Life

Heidi Shey June 27, 2019
We’re hiring! Forrester’s security and risk research team is growing and currently has four open analyst positions: identity and access management, application security, security analytics, and Zero Trust. When I speak to candidates about the analyst role, they all ask one question that I find difficult to answer: “What’s a typical day like for an […]

Infosecurity Europe 2019: Incremental Evolution Rather Than Revolution

Paul McKay June 7, 2019
I have spent the last three days attending Infosecurity Europe 2019, the largest security trade show in the UK and Europe. As ever, before coming I have tried to predict the big theme or trends that CISOs should take note of. However, the show is very similar to last year, with incremental evolution of products […]

Spending On Application Security Tools To Grow Over 16% Annually

Jennifer Adams August 7, 2018
Hackers go after web applications because they are typically the most vulnerable. In fact, web application was the top data breach type, accounting for almost one in five confirmed data breaches, according to Verizon’s 2018 Data Breach Investigations Report. Security and risk decision makers are spending more on application security and increasing deployment of application […]

Shining The Spotlight On SAST; Some Vendors Flourish, Others Wither

Amy DeMartine December 12, 2017
Static Application Security Testing (SAST) has gained renewed popularity as pre-release security testing takes advantage of continuous integration automation early in the software delivery life cycle (SDLC). Because SAST does not require running code, it can be integrated into development tools such as IDEs to give developers information about how to remediate a security weakness, […]

Equifax Does More Than Credit Scores

Jeff Pollard September 8, 2017
Our reaction to the Equifax breach was similar to what we imagine many people went through. First, we wanted to know if we were affected. Second, what about our spouse and other immediate family members? Third, better keep an eye on the old credit report or initiate a credit freeze. Since Forrester offers credit monitoring […]

Automation For The Better Good – Security

Chris Gardner June 8, 2017
Automation gets a bad rep these days, what with public fear that robots will take over jobs (an invalid assumption – we will be working side by side with them). However, if you asked the most diehard Luddites if they were ready and willing to give up the following: Depositing a check using a mobile app […]

Security Conscious Developers

John Wargo May 6, 2016
I’ve been a part of several development organizations, and, for several of those teams, security was an afterthought to the development process. We’d secure databases and even implement field level encryption but we rarely had to consider many attack vectors as we were building internal apps for enterprises and the risks were there, but not […]