Earlier this year, when I published The State Of Application Security, 2021, I highlighted how organizations were prioritizing application security and aggressively adopting a range of tools to support their efforts. With firms continuing to build and enhance applications, and with developers embracing new ways of building applications that improve speed to market and enrich customer experiences, it’s no surprise that application security remains on the forefront. Fortunately, a majority of organizations are increasing their application security budgets. In our latest report, Forrester Analytics: Application Security Solutions Forecast, 2020 To 2025 (Global), we projected the growth rates of eight application security submarkets and found that:
Runtime protection will grow faster than security scanning. In our forecast, we grouped application security tools into two buckets: security scanning tools and runtime protection tools. We expect the runtime protection market to grow somewhat faster than the security scanning market, led by container security and bot management. However, the security scanning market won’t be standing still — we predict that software composition analysis (SCA), interactive application security testing, static application security testing, and dynamic application security testing will all experience double-digit growth during the forecast period, with SCA leading the pack.
Container security will experience the fastest growth. We have added container security tools to our forecast in this 2021 update due to ramped-up investment in containers, with firms citing scalability, agility, and cost reduction as top benefits. Container popularity drives container security investment. We expect the container security market to experience the highest growth rate of the protection technologies in our forecast.
Bot management will overtake traditional WAF. We also predict that many of web application firewalls’ (WAF) core functions will be subsumed by bot management, enabling it to overtake traditional WAF as the core application protection solution by 2025. Bot management detects and prevents a range of bot-based attacks, including credential stuffing, web scraping, inventory hoarding, and influence fraud. Bot management tools protect applications from bad bots while allowing good bots and ensuring that human users are not stymied by unnecessary captchas and challenges.