Frost and Sullivan World Applications Security Products Study

Network security is steadily gaining prominence as Web applications are emerging as vital components for business-to-customer organizations, according to Frost & Sullivan. The application security market encompasses products that scan for security weaknesses in Web applications, custom in-house applications and applications in development. Application security vendors have evolved from providing strictly consulting services to now offering strong stand-alone products.

New analysis from Frost & Sullivan, World Application Security Products Markets, finds that the market earned revenues of over $165 million in 2007 and estimates this to reach $596 million in 2014.

According to the analysis, Web applications offer innumerable benefits to enterprises because they are easy to deploy and update, operating system-independent and do not require client disk space. While necessary for any organization with a Web site, these applications remain available to the public at all times while staying connected with sensitive, critical backend systems. Web applications are not subject to testing as much as more ubiquitous applications, which can lead to a potentially dangerous situation.

"The security industry has long been centered on network security, but the security focus is shifting," explains Frost & Sullivan Research Analyst Chris Rodriguez. "Organizations are recognizing Web applications and other custom applications are not secure and represent a dangerous point of attack."

Furthermore, most organizations that have secured their network perimeter now turn to application security products to identify software security flaws and prioritize remediation efforts; however, the faltering world economy presents a major challenge for this burgeoning market. Security software is still not quite considered mission critical technology. While there is little that vendors can do to counter this directly, they can focus on improving competitive factors to expand their market share. This demands focus on increasing the availability, affordability and ease of implementation of solutions.

For now, the market is seeing increasing consolidation. Strong growth in 2006 and 2007, when revenues touched an estimated $127 million and $165.3 million respectively, enticed large multinational vendors such as IBM and HP to venture into this space. The dynamic testing segment witnessed decreased growth due to the acquisition of two leading vendors, Watchfire and SPI Dynamics. When these companies achieve complete integration with their parent companies, they are expected to contribute more to the growth of the market. In comparison, static source-code analysis vendors were responsible for a larger share of revenues than those of vendors offering dynamic testing solutions, according to the study's data.

"The recent success of static testing vendors is indicative of the eventual goal of security, which will become an integral part of the software development lifecycle," explains Rodriguez. "Customers are realizing that application security must go beyond dynamic testing and incorporate static testing in order to establish a firm foothold in the market."

Participants can improve their likelihood of success by broadening their product lines and enhancing functionality and features to offer a tandem of dynamic and static testing capabilities.

World Application Security Products Markets is part of the Network Security Growth Partnership Service program, which also includes research in the following markets: vulnerability management, network access control, data leakage prevention and endpoint security. All research services included in subscriptions provide detailed market opportunities and industry trends that have been evaluated following extensive interviews with market participants.

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety