Neil MacDonald

A member of the Gartner Blog Network

Archives for January, 2012


Interactive Application Security Testing

by Neil MacDonald  |  January 30, 2012  |  8 Comments

Dynamic Application Security Testing (DAST) solutions test applications from the “outside in” to detect security vulnerabilities. In contrast, Static Application Security Testing (SAST) solutions test applications from the “inside out” by looking a source code, byte code or binaries. Both approaches have their pros and cons and, until recently, the market for these tools has [...]

8 Comments »

Category: Application Security Security Intelligence     Tags: , ,

DevOps Needs to Become DevOpsSec

by Neil MacDonald  |  January 17, 2012  |  Comments Off

DevOps seeks to bridge the development and operations divide through the establishment of a culture of trust and shared interest among individuals in these previously siloed organizations. However, this vision is incomplete without the incorporation of information security, which represents yet another silo in IT. Breakdowns in communications and processes across development, operations and security [...]

Comments Off

Category: Application Security Next-generation Security Infrastructure     Tags: , , , , , ,

Link Web Application Firewalls to Dynamic Application SecurityTesting Tools

by Neil MacDonald  |  January 9, 2012  |  6 Comments

I called this a “security no brainer” years ago and the advice is absolutely still relevant today. In Gartner’s latest Magic Quadrant for Dynamic Application Security Testing (DAST) solutions for clients, one of the evaluation criteria we looked at was whether or not the vulnerability knowledge of the DAST solution could be exported and used [...]

6 Comments »

Category: Application Security Security Intelligence     Tags: , , ,

The Market for Dynamic Application Security Testing is Anything but Static

by Neil MacDonald  |  January 4, 2012  |  1 Comment

We’ve just published a new Magic Quadrant for Dynamic Application Security Testing (DAST) for Gartner clients. In Gartner research, we use the term DAST to refer to testing solutions and techniques that are designed to test an application from the “outside in” to detect conditions indicative of a security vulnerability in an application in its [...]

1 Comment »

Category: Application Security Applications Cloud Cloud Security     Tags: , ,