Web and cloud-based software applications are now ubiquitous: they are essential tools for connecting enterprises with their customers and prospects, and they are also an ever-present target.
Threat actors continuously capitalize on software application security flaws to steal customer information, expose sensitive customer records and, ultimately, hurt a business's reputation. In a recent competitive analysis, ABI Research investigates the importance of software security and why secure software development remains a challenge for most businesses today, anticipating that the security testing market will grow to $6.9 billion by 2020.
“The biggest challenge for company software developers lies in market forces and funding,” says Monolina Sen, Senior Analyst at ABI Research. “Their incentives, and consequentially their priorities, are tied to implementing new features and meeting deadlines. With companies always aiming to shorten product cycles, app security is usually among the first add-ons to be cut.”
Traditionally, security audits and quality assurance testing happen toward the end of the development cycle, by which point most security issues are expensive to fix and developers would prefer to focus on releasing the features in a timely fashion, rather than re-coding problem areas.
The changing threat landscape and the increasing frequency of application attacks, however, are forcing security-focused organizations to address web application security more adequately through secure software development. As such, application security testing is becoming crucial for organizations to adhere to compliance regulations while defending themselves from security attacks.
Major vendors in the security testing market include Applause, Cisco, Contrast Security, HP, McAfee, NT Objectives, PortSwigger, Rapid7, Trustwave and WhiteHat Security. In this report, ABI Research reviewed the software security approaches of six industry vendors: Acunetix, Checkmarx, Cigital, IBM, Qualys and Veracode. The report highlights current software security development trends and provides insight into the secure software development solutions existing in the market, as well as their effectiveness.
Notably, the industry recognizes Static Application Security Testing (SAST), or white-box testing, as one of the most effective ways to eliminate software flaws. By solving the problem at the code level, static testing reduces the number of security-related design and coding defects. SAST offers many advantages, the biggest being that it can detect complex vulnerabilities that are not visible without access to the source code. In addition, SAST helps users pinpoint the precise location of any flaw in the source code, which makes it an extremely useful methodology.
“Implementing a robust web application security practice offers an incomparable advantage in allowing development teams to identify known security exposures before potential hackers through defective code detections, patch checks and comprehensive evaluations of user authentication services,” concludes Sen.