Posted by Synopsys Editorial Team on March 1, 2017
Synopsys has moved into the “Leaders” quadrant for Application Security Testing (AST) in a new report. Five of 18 vendors analyzed were named Leaders in 2017.
This move comes shortly after the recent acquisition of Cigital and Codiscope. “We believe Gartner recognizes the capabilities of the combined companies and the value that we provide to our customers,” said Drew Kilbourne, Managing Director at Synopsys.
Customers often look to the Gartner Magic Quadrant reports for guidance in a crowded market.
Gartner’s definition of AST includes the buyers and sellers of products and services designed to analyze and test applications for security vulnerabilities.
“No one knows everything about getting good software security done,” said Sammy Migues, Principal Scientist at Synopsys. “You need pointers from others who’ve tried before you. That could be a collegial group of CISOs or even the BSIMM community. For lots of people, the place for pointers is the Gartner Magic Quadrant.”
In a recent Gartner study, 71% of respondents replied that increased usage of automated and integrated app testing before production will be among their top-three critical security measures to be adopted by the end of 2019.[1] The AST market size is estimated to have reached $719 million at the conclusion of 2016. The application security testing market is growing rapidly, with a projected 14.2% compound annual growth rate (CAGR) through 2020.
Testing toward the beginning of the Software Development Lifecycle (SDLC) can save organizations money primarily by reducing known vulnerabilities in the released application software. With the increasing use of Agile and DevOps methodologies, automated tools integrated earlier in the life cycle allow developers to mitigate issues as the code progresses. Additionally, the increasing use of third-party software today requires that it too be tested for vulnerabilities and licensing issues as it is integrated into the final codebase.
1. Gartner Magic Quadrant Leaders provide an overall completeness of vision and ability to execute to their customers.
We believe that with Synopsys, application security testing can occur at any stage from architecture and design and continue through the SDLC to final production. As part of its core software testing tools Synopsys provides Static Application Security Testing (SAST), Software Composition Analysis (SCA), Intelligent Fuzz Testing, and Interactive Application Security Testing (IAST). With our acquisition of Cigital, we now provide both DAST and SAST as-a-service. And through our acquisition of Codiscope, we offer a lightweight SAST tool
2. Gartner Magic Quadrant Leaders employ a variety of deployment options.
We believe that Synopsys tools and services offer customers the flexibility of an on-premises solution, a managed service, or a blend of both, giving organizations access to a broader set of application testing tools from Synopsys.
3. Gartner Magic Quadrant Leaders invest in their technology, often leading the market and affecting its overall direction.
In addition to tools, Synopsys provides security services and training programs through its 300+ security professionals and our Building Security In Maturity Model (BSIMM).
Our generational fuzz testing tool supports XMPP, Message Queuing Telemetry Transport (MQTT), Constrained Application Protocol (CoAP), and Advanced Message Queuing Protocol (AMQP), all lesser-known protocols gaining importance within IoT.
Finally, we believe moving into the upper-right corner of the Gartner Magic Quadrant means “lots of people not only use your stuff, they’re willing to recommend it to others,” said Migues. “That’s a big deal. Organizations will always get farther faster working with vendors who both take pride in their innovation and focus every day on making their clients successful. That’s the kind of ethic that gets a vendor in that upper corner and that gets a client a real long-term partner.”
We encourage you to download this complimentary copy of Gartner’s 2017 Magic Quadrant report for Application Security Testing to learn more about the tools and services available from Synopsys.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.