Forrester Research Publishes The Forrester Wave™: Application Security, Q4 2014, Analyzing Service Providers’ Static, Dynamic and Interactive Application Testing Technologies

On Dec. 23, 2014, Forrester Research released The Forrester Wave™: Application Security, Q4 2014, which was written by analyst Tyler Shields with support from Stephanie Balaouras and Jennie Duong. We are pleased to announce that IBM is positioned in the “Leaders” category of the Q4 2014 report, which spanned 12 significant service providers.

For those of you who are unfamiliar with The Forrester Wave™, Forrester Research performs extensive research to determine which vendors will be positioned in the “Leaders,” “Strong Performers,” “Contenders” and “Risky Bets” categories of its report. In the Q4 2014 report, Forrester Research analyzed vendors on 82 evaluation criteria. At a high level, vendors were evaluated on their Current Offerings, Strategy and Market Presence.

Download the Forrester Wave on Application Security

‘Current Offering’ Evaluation Criteria

When evaluating Application Security Testing (AST) vendors on their Current Offerings, Forrester Research analyzed the following criteria:

  • General Features
  • Static Analysis Features
  • Dynamic Analysis Features
  • Instrumented Analysis (Interactive Application Security Testing) Features
  • Reporting Features and Workflow
  • Developer Education and Training
  • Integrations
  • Remediation Instructions
  • Customer References

IBM received the highest rating of all evaluated vendors in Forrester Research’s “Current Offering” category. IBM also earned the highest rating of all evaluated vendors for its Dynamic Analysis Features and Remediation Instructions. Additionally, IBM earned the highest possible rating from Forrester Research for its Customer References.

‘Strategy’ Evaluation Criteria

When evaluating vendors on their Strategy, the following evaluation criteria were utilized:

  • Product Strategy
  • Corporate Strategy

The “Cost” evaluation criteria were not scored in this report. In the “Strategy” category, IBM earned the highest possible rating for its Corporate Strategy.

‘Market Presence’ Evaluation Criteria

When evaluating vendors on their Market Presence, the following evaluation criteria were utilized:

  • Installed Base
  • Systems Integrators
  • Services
  • Employees
  • Technology Partners

Forrester Research’s “Revenue Growth” metrics were not scored in this report.

In the “Market Presence” category, IBM earned the highest rating of all vendors that were evaluated by Forrester Research. IBM also achieved the highest possible ratings from Forrester Research for the following criteria: Services, Employees and Technology Partners.

IBM’s Vendor Profile

The following vendor profile for IBM appears verbatim in The Forrester Wave™: Application Security, Q4 2014:

“IBM’s focus on the developer integration leads to exceptional results. The IBM product offering provides extensive general features on both on-premises and on-demand application security solutions, depending on customer needs. The solution offers limited static analysis features, for data identification, and runtime data tracking. The DAST offering is well-positioned for Web application discovery, Internet-sourced scanning, internal network scanning and large-scale assessment. IBM has a long lineage in development and has one of the strongest integrations with other product lines and third-party development tools and services. IBM approaches the security market with a developer-centric message and product strategy focus.”

Link to Complimentary Copy of The Forrester Wave™: Application Security, Q4 2014

For a complete copy of the report, which provides an overview of all Application Security Testing vendors (including IBM) and outlines their relative strengths and areas of improvement, please click here.
