August 7, 2018
Hackers go after web applications because they are typically the most vulnerable. In fact, web application was the top data breach type, accounting for almost one in five confirmed data breaches, according to Verizon’s 2018 Data Breach Investigations Report.
Security and risk decision makers are spending more on application security and increasing deployment of application security tools in response to these threats. In our Forrester Analytics Global Business Technographics® Security Survey, 2017, four out of ten global security decision makers indicate that they planned to increase spending on application security in 2018. According to our recently published “Forrester Analytics: Application Security Solutions Forecast, 2017 To 2023 (Global),” we expect spending on application security solutions to grow to $7.1 billion by 2023, up from $2.8 billion in 2017, implying a 16.4% compound annual growth rate.
For this updated forecast, we examine growth in both security scanning and runtime protection tools. While it’s impossible to remove all vulnerabilities, application security testing tools can identify issues before the application goes into production. Over three-quarters of untested software will have at least one vulnerability in the initial testing scan, according to Veracode’s State of Software Security 2017 report. Runtime protection tools, such as bot management, run-time application self-protection, and web application firewalls, can protect live applications in production. We expect the highest growth in newer, emerging technologies including bot management, interactive application security testing tools, software composition analysis, and real-time application self-protection.
We developed this updated forecast in collaboration with our colleague Amy DeMartine. For more of Amy’s recent thoughts on the sector, Forrester clients can access “The Forrester Wave™: Web Application Firewalls, Q2 2018,” “The Forrester New Wave™: Runtime Application Self-Protection, Q1 2018,” and “The Forrester Wave™: Static Application Security Testing, Q4 2017.”