Gartner defines the Application Security Testing (AST) market as the buyers and sellers of products and services designed to analyze and test applications for security vulnerabilities. Gartner identifies four main styles of AST: (1) Static AST (SAST), (2) Dynamic AST (DAST), (3) Interactive AST (IAST) and (4) Mobile AST. The above technology approaches can be delivered as a tool or as a subscription service. Many vendors offer both options to reflect enterprise requirements for a product and service.
The vulnerability assessment (VA) market is made up of vendors that provide capabilities to identify, categorize and manage vulnerabilities. These include unsecure system configurations or missing patches, as well as other security-related updates in the systems connected to the enterprise network directly, remotely or in the cloud.
Gartner defined Web Application and API Protection (WAAP) as the evolution of the web application firewall (WAF) market, expanding WAF capabilities to four core features: WAF, DDoS protection, bot management and API protection. WAAP development started with cloud-delivered WAF services that were easier to deploy, and from the start bundled WAF with DDoS protection. Slowly, the WAF market evolved to offer more than basic capabilities for bot management and API protection. 2019 marked a tipping point with four vendors acquiring specialized bot mitigation providers. During 2020, Gartner observed improvements in the availability of API security features, but also more stringent enterprise requirements related to the four core WAAP features.