Roughly a year and a half ago I began a process of measuring the importantance of technologies in the mobile security space. I'm currently beginning that same process for the application security market. Many technologies exist that provide business value to enterprises for the security of their applications, but which ones are better at delivering on the business value that the enterprise really wants? Have any of these technologies outlived their usefullness, falling to innovation and new ideas? Which technologies should the enterprise prioritize spending their limited security budget on? I hope to answer these questions and more!

I've identified nine distinct application security technologies that make up the application security market. (Link to additional details!). I'm sure there are technologies that I've missed and arguments to be made to remove something. As always, my research is significantly improved with your help! 

If you are interested in participating in this research or have feedback on the technology list, respond via this web form, in the comments below, or via email / tweet to tshields@forrester.com (@txs). 

Technology
Application Hardening
Web application firewall (WAF)
Hybrid Analysis
(Runtime, Instrumented, Interactive)
Dynamic Analysis
Static Analysis
Manual Application Penetration Testing and Application Consulting Services
Penetration Testing Tools
Fuzz Testing Tools
Software Composition Analysis