Gartner recently released the Magic Quadrant for Application Security Testing 2022 report. According to the report, the scope of the Application Security Testing (AST) market is expanding due to modern application design and the increasing adoption of DevSecOps. The AST market consists of customers and providers of tools and services that evaluate and test applications for security vulnerabilities. This market is extremely dynamic, and it is still evolving quickly, adapting to shifting application designs and supporting technology.
In this analysis and its vendor assessments, Gartner has emphasized developing technologies and techniques, as well as AST tools that address the new requirements they bring. AST tools are available as on-premises software or as subscription-based software as a service (SaaS) options. Many vendors provide both.
Most organizations use one or more of the following types of core capabilities to provide foundational testing functionality:
- Static AST (SAST) evaluates an application’s source, bytecode, or binary code for security vulnerabilities during the testing phases of the software development life cycle.
- Dynamic AST (DAST) evaluates applications in their operating state during testing or operational phases.
- Interactive AST (IAST) evaluates the execution of a running application (e.g., via the Java Virtual Machine) to find vulnerabilities.
- Software composition analysis (SCA) detects open-source and, less frequently, commercial components in software.
Optional capabilities enhance core capabilities and are often used to supplement an organization’s application portfolio or application security program maturity. They include:
- API Testing
- Application security orchestration and correlation (ASOC)
- Business-critical AST
- Container security
- Developer enablement
- Infrastructure as code (IaC) testing
- Mobile AST (MAST)
The requirement to support enterprise DevSecOps and cloud-native application ambitions continues to be a primary driver in the expansion of the AST industry, according to Gartner. Customers expect products that deliver high-assurance, high-value discoveries without causing unnecessary delays in development. As a result, the Gartner Magic Quadrant for Application Security Testing 2022 places a strong emphasis on the buyer’s needs, such as speedy and accurate testing for a wide range of application types and the ability to integrate in an increasingly automated way throughout software delivery processes.
Vendors recognized by Gartner in the Magic Quadrant for Application Security Testing 2022 are as follows:
Checkmarx has been recognized as a Leader in Magic Quadrant 2022 for the fifth straight year. With functionality enhancements to its KICS IaC product, more attention to supply chain security, and a tool for integrating test outcomes from multiple portions of the SDLC, the company’s focus remains on providing comprehensive, developer-centric solutions.
Contrast Security has been recognized as a Visionary in Magic Quadrant 2022. It is most recognized for passive IAST, which depends on pre-planned non-security testing, such as quality assurance (QA), rather than active scanning to initiate attacks and find flaws.
Data Theorem has been recognized as a Visionary in Magic Quadrant 2022. Its products are focused on web, mobile, API, and cloud AST, with an emphasis on code analysis utilizing an engine that combines several ways of evaluating applications.
GitHub has been placed in the niche quadrant in Magic Quadrant 2022. As part of an Advanced Security solution for GitHub Enterprise, GitHub’s AST products comprise SAST, secret scanning, and SCA. Other features are offered through a succession of partnerships and open-source tools.
GitLab has been recognized as a Challenger in Magic Quadrant 2022. As part of its broader value stream delivery platform, it offers AST. To provide SAST and DAST, it uses a combination of proprietary and open-source scanning tools and capabilities in its workflows.
HCL Software has been recognized as a Leader in Magic Quadrant 2022. Its solutions include a mix of AST capabilities delivered through a range of channels. Furthermore, HCL Software is concentrating on additional product developments to respond to customer needs and better connect with the AST market’s overall trajectory.
Invicti has been recognized as a Challenger in Magic Quadrant 2022. Its products are primarily focused on IAST and DAST, with the latter being Invicti’s primary strength. Because Invicti does not offer a SAST solution, any SAST tool would have to be obtained from a third party. Through a partnership, it makes DAST tools available to Checkmarx clients.
NTT Application Security has been placed in the niche quadrant in Magic Quadrant 2022 and has been named in the report for the 7th time. Its products place significant emphasis on static and dynamic AST, as well as SCA and IaC scanning, and are currently in a state of transition.
Onapsis has been placed in the niche quadrant in Magic Quadrant 2022. Onapsis has a greater emphasis on business-critical applications and a substantial client base in that field. It continues to stand out for developer needs and the often-specialized security concerns faced by business-critical applications.
Rapid7 has been recognized as a Visionary in Magic Quadrant 2022 for the 2nd consecutive year. The DAST and vulnerability management spaces have been its primary expertise. It handles other essential functionalities by partnering with Checkmarx and Snyk for SAST and with Snyk for SCA.
Snyk has been recognized as a Challenger in Magic Quadrant 2022. Snyk is a prominent SCA company that has branched out into AST. SCA with Snyk Open Source and Snyk Container, as well as SAST with Snyk Code and Snyk Infrastructure as Code, are all part of its AST offering.
Synopsys has been recognized as a Leader in Magic Quadrant 2022 for the 6th year in a row. Its AST offering is one of the most comprehensive in the market, with both fundamental testing capabilities and customized tools. The organization is moving toward an open-platform paradigm, in which data from many testing tools is combined in one place for analysis, triage, and prioritization.
Veracode has been recognized as a Leader in Magic Quadrant 2022 for the 9th consecutive year. It is a prominent AST supplier providing a full SaaS AST offering, including SAST, DAST, IAST, and SCA.
The application security testing industry continues to develop and evolve at a quick pace, mainly in accordance with the conclusions drawn in last year’s Magic Quadrant. Three trends can be seen at a high level:
- Many application security activities are being shifted straight into the control of development and operational teams.
- Rapid expansion and greater competitive complexities.
- There is a requirement for the expansion of the scope of testing.
According to market research, end-user spending reached $2.6 billion in 2021, representing a 20% year-over-year rise. Geographically, the North American market expanded in size, but its overall market share fell, from 73% to 68%, as market share growth in Europe and the United Kingdom (17%) and the Asia-Pacific (12%) climbed.
Why should you download the report?
- To find out the strengths and cautions of the vendors recognized in the Magic Quadrant 2022.
- To find out how different application security vendors compare with each other.
- To read about the Application Security Testing Market Overview.
Interested people can access the full report on Gartner Magic Quadrant for Application Security Testing 2022.