About Gartner Magic Quadrant for AST

The Gartner Magic Quadrant forAST (Application Security Testing) analyses dynamic, interactive and static Application Security Testing capabilities of vendors and publishes its findings. As is the case with Gartner research reports, they perform research extensively to determine the vendors to be positioned in the Challengers,Leaders, Niche Players and Visionaries quadrants in their report. Gartner mentions the application of a graphical treatment and a uniform set of evaluation criteria that helps evaluate technology providers based on their execution of stated visions and their performance against Gartner’s market view.

The report details market definitions and descriptions, the Gartner MQ for ASTvendors in terms of leaders, Challengers, Visionaries, and Niche Players with the vendor strengths and cautions. It also lists the vendors that have been dropped or added along with the inclusion and exclusion criteria. It also mentions the context and the market overview followed by recommended reading. The report now comes with additional perspectives, providing valuable insight into key markets either by industry, geography or company size.

The evaluation criteria for the Gartner Magic Quadrant forASTis listed as the Ability to Execute and Completeness of Vision. So, all the vendors are examined from these two angles and then placed in the respective quadrant. Gartner suggests using this Gartner MQ for AST only as a first step in understanding the technology providers and their products and services being considered for specific investment opportunities.

Gartner Critical Capabilities for AST

Apart from the magic quadrant, Gartner has also come out with a Gartner Critical Capabilities for AST report. Gartner lists critical capabilities report as companion research that provides deeper insight into the capabilities and suitability of the providers. This is meant for security and risk management leaders to help evaluate AST solutions. Based on their organizational use cases, these inputs would help them to select the best fit vendors for their use.

This report provides an analysis of critical capabilities use-case graphics for specific vendors along with the product/service class definition. Use cases provide you insights into common scenarios on how you may use the product or service under consideration, thus giving you valuable insight. This is followed by definition of critical capabilities in terms of various important aspects of AST like:

  • Dynamic AST as a Tool
  • Dynamic AST as a Service
  • Static AST as a Tool
  • Static AST as a Service
  • Interactive AST
  • SDLC Integration
  • Automation and Turnaround
  • Certifications
  • Stand-Alone AST

The use cases cover areas like the commercial, regulated, DevOps, penetration testing as well as custom ones. The vendors added and dropped have again been listed with the critical capabilities rating as the inclusion criteria.

Usage of these reports

Gartner lists that both the critical capabilities as well as the magic quadrant should be reviewed together for a holistic view of the vendors, and understanding their products and services. They can be used to compare vendors on this basis and selected against specific differentiators supporting strategic purchase decisions.

Comments are closed