Vendor Comparison in Application Security 2017: MnM DIVE Matrix

The vendor comparison report on application security is based on the MNM DIVE methodology that covers a detailed study of the major players offering application security solutions. The 15 key vendors in the application security market were analyzed on the basis of their product offerings, support services, and business strategies. The vendors were shortlisted based on their solution capabilities, technology innovations, industry coverage, viability, breadth of product offerings, global reach, partner ecosystem, new product launches, and acquisitions.

The report would help the stakeholders, such as application security vendors, security testing service providers, cybersecurity solution vendors, cybersecurity consulting firms, system integrators, value-added resellers, and Managed Security Service Providers (MSSPs) in understanding the capabilities of the major players in the application security market.

The application security market is defined as the set of security testing products and services used to find and remediate vulnerabilities in enterprise applications. The application security testing products are basically categorized into Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST). These various security testing products make use of or complement other application security products, such as software composition analysis, Runtime Application Self-Protection (RASP), website discovery, and Web Application Firewall (WAF). The application security testing solutions are highly recommended to be incorporated into the Software Development Lifecycle (SDLC) to remediate application vulnerabilities in the earlier phase of the application development. This allows great reduction in the security costs of applications through their complete lifecycle.

Vendors Evaluated:

The report covers the comprehensive study of the key vendors offering solutions for application security. We have evaluated the following 15 key vendors:

• Acunetix
• Checkmarx Ltd.
• Contrast Security
• Fasoo
• Hewlett Packard Enterprise (HPE)
• High-Tech Bridge
• International Business Machines (IBM) Corporation
• Pradeo
• Qualys, Inc.
• Rapid7, Inc.
• SiteLock
• Synopsys, Inc.
• Veracode, Inc. (CA, Inc.)
• Trustwave Holdings, Inc. (Singtel)
• WhiteHat Security, Inc.

Vendor Inclusion Criteria

We have conducted an in-depth analysis of over 15 key vendors of application security testing solutions and services. The set consists of vendors of all sizes, from global IT giants to niche companies. These vendors are shortlisted based on their breadth of product offerings and robustness of their business strategies. The two main parameters, product offering and business strategy, are further broken down into numerous parameters to predict the exact position of the vendors in the DIVE matrix.