Neil MacDonald

A member of the Gartner Blog Network

Entries Tagged as 'application security testing tools'


Getting Ready for Gartner’s 2012 Infrastructure & Operations and Information Security Summits

by Neil MacDonald  |  May 21, 2012  |  Comments Off

I’ve been absent from my typical blogging routine getting my material finalized for two Gartner upcoming US-based summits in June 2012. The first is Gartner’s Infrastructure and Operations Management Summit being held in Orlando the week of June 4th. This conference is focused on infrastructure and operations solutions for managing desktops, servers, and mobile devices […]

Comments Off

Category: Application Security Beyond Anti-Virus Big Data and Information Security Cloud Security Information Security Next-generation Security Infrastructure Security Intelligence Virtualization Security     Tags: , , , , , , , , , , , , ,

Interactive Application Security Testing

by Neil MacDonald  |  January 30, 2012  |  8 Comments

Dynamic Application Security Testing (DAST) solutions test applications from the “outside in” to detect security vulnerabilities. In contrast, Static Application Security Testing (SAST) solutions test applications from the “inside out” by looking a source code, byte code or binaries. Both approaches have their pros and cons and, until recently, the market for these tools has […]

8 Comments »

Category: Application Security Security Intelligence     Tags: , ,

DevOps Needs to Become DevOpsSec

by Neil MacDonald  |  January 17, 2012  |  Comments Off

DevOps seeks to bridge the development and operations divide through the establishment of a culture of trust and shared interest among individuals in these previously siloed organizations. However, this vision is incomplete without the incorporation of information security, which represents yet another silo in IT. Breakdowns in communications and processes across development, operations and security […]

Comments Off

Category: Application Security Next-generation Security Infrastructure     Tags: , , , , , ,

Link Web Application Firewalls to Dynamic Application SecurityTesting Tools

by Neil MacDonald  |  January 9, 2012  |  6 Comments

I called this a “security no brainer” years ago and the advice is absolutely still relevant today. In Gartner’s latest Magic Quadrant for Dynamic Application Security Testing (DAST) solutions for clients, one of the evaluation criteria we looked at was whether or not the vulnerability knowledge of the DAST solution could be exported and used […]

6 Comments »

Category: Application Security Security Intelligence     Tags: , , ,

The Market for Dynamic Application Security Testing is Anything but Static

by Neil MacDonald  |  January 4, 2012  |  1 Comment

We’ve just published a new Magic Quadrant for Dynamic Application Security Testing (DAST) for Gartner clients. In Gartner research, we use the term DAST to refer to testing solutions and techniques that are designed to test an application from the “outside in” to detect conditions indicative of a security vulnerability in an application in its […]

1 Comment »

Category: Application Security Applications Cloud Cloud Security     Tags: , ,

Security Observations from European Symposium

by Neil MacDonald  |  November 14, 2011  |  1 Comment

I spent the last week in Barcelona with 4,000+ attendees at the 2011 Gartner European Symposium. It was a new venue for Gartner (we were displaced from Cannes by the G20), and I’m happy to say it was a fantastic with record attendance. Security was front and center of attendee interests. We had a total […]

1 Comment »

Category: Application Security Cloud Security Virtualization Security     Tags: , , , ,

Four Security Breaches, Four Security Lessons

by Neil MacDonald  |  May 23, 2011  |  2 Comments

There’s been a bunch of highly publicized attacks recently. Each one has a major lesson for information security. 1) Barracuda’s breach Major lesson: Test all of your web-enabled applications for vulnerabilities as a part of the ongoing application development and change process. This was the root cause of the breach. Minor lesson: Web application firewalls […]

2 Comments »

Category: Application Security Cloud Cloud Security Information Security     Tags: , , , , ,

Lesson from Android: Does More Open Have to Mean Less Secure?

by Neil MacDonald  |  March 11, 2011  |  Comments Off

Google’s Android has made the news a couple of times already in 2011: Here, with a credit card snooping exploit proof of concept and most recently, with malware that had gotten into the Google application store. The latter was particularly serious as it involved a privilege escalation attack that broke out of the Android sandbox. […]

Comments Off

Category: Application Security Beyond Anti-Virus Endpoint Protection Platform     Tags: , , , , , ,

Is Microsoft’s Secure Development Lifecycle Losing Its Effectiveness?

by Neil MacDonald  |  March 7, 2011  |  4 Comments

I was performing some background research on the number and severity of vulnerabilities produced by Apple, Microsoft and other vendors when I ran across something quite interesting. (BTW – I was researching the issue addressed in this research note for clients — whether or not antimalware software is recommended for enterprise Apple Macintosh endpoints.) Microsoft, like […]

4 Comments »

Category: Application Security Information Security Microsoft Security Windows 7     Tags: , , , , ,

Static or Dynamic Application Security Testing? Both!

by Neil MacDonald  |  January 19, 2011  |  6 Comments

Static application security testing (SAST) can be thought of as testing the application from the inside out – by examining its source code, byte code or application binaries for conditions indicative of a security vulnerability. Dynamic application security testing (DAST) can be thought of as testing the application from the outside in – by examining […]

6 Comments »

Category: Application Security Applications     Tags: , , ,