Gartner Blog Network

Posts from Date:   2012-1

Interactive Application Security Testing

by Neil MacDonald  |  January 30, 2012

Dynamic Application Security Testing (DAST) solutions test applications from the “outside in” to detect security vulnerabilities. In contrast, Static Application Security Testing (SAST) solutions test applications from the “inside out” by looking a source code, byte code or binaries. Both approaches have their pros and cons and, until recently, the market for these tools has […]

Read more »

DevOps Needs to Become DevOpsSec

by Neil MacDonald  |  January 17, 2012

DevOps seeks to bridge the development and operations divide through the establishment of a culture of trust and shared interest among individuals in these previously siloed organizations. However, this vision is incomplete without the incorporation of information security, which represents yet another silo in IT. Breakdowns in communications and processes across development, operations and security […]

Read more »

Link Web Application Firewalls to Dynamic Application SecurityTesting Tools

by Neil MacDonald  |  January 9, 2012

I called this a “security no brainer” years ago and the advice is absolutely still relevant today. In Gartner’s latest Magic Quadrant for Dynamic Application Security Testing (DAST) solutions for clients, one of the evaluation criteria we looked at was whether or not the vulnerability knowledge of the DAST solution could be exported and used […]

Read more »

The Market for Dynamic Application Security Testing is Anything but Static

by Neil MacDonald  |  January 4, 2012

We’ve just published a new Magic Quadrant for Dynamic Application Security Testing (DAST) for Gartner clients. In Gartner research, we use the term DAST to refer to testing solutions and techniques that are designed to test an application from the “outside in” to detect conditions indicative of a security vulnerability in an application in its […]

Read more »