As the digital landscape evolves, application security becomes critical to business operations. In Forrester's recently released report, "The State of Application Security, 2023," researchers Janet Worthington, Sandy Carielli, Amy DeMartine, and Danielle Chittem shed light on organizations' challenges and opportunities in securing their applications. Let's take a closer look at the key insights from the report.

Shift-Everywhere Dominates

The report emphasizes the growing influence of the Shift-Everywhere movement in application security. Applications have become complex ecosystems comprising legacy code, microservices, APIs, and third-party dependencies. Attacks targeting the software supply chain pose significant threats to organizations, making it essential for security, development, and operations teams to collaborate effectively.

Application Security Wins and Vulnerabilities

While the Log4Shell vulnerability set the stage for software supply chain challenges in 2022, security initiatives also saw some positive developments. Adopting a software bill of materials (SBOM) was a significant step in securing applications. However, the report highlights that web application and software vulnerability exploits are still areas of concern.

Software Composition Analysis (SCA) Emerges

The report recognizes the emerging importance of Software Composition Analysis (SCA) in securing applications. The US government's requirement for self-attestation and SBOM from software suppliers has pushed organizations to adopt SCA tools, which help identify and remediate vulnerabilities in open-source components. Interestingly, organizations that have experienced breaches are adopting SCA even more than those that haven't.

Increasing Budgets for Application Security

The report reveals that application security budgets are rising amid growing security concerns. Most security decision-makers reported that their application security budgets would increase in 2023, especially among organizations that have experienced breaches. Given the escalating costs of breaches, preventive and protective security measures have become imperative.

Purchasing Power Shifts to Developers

The report identifies a shift in developers' purchasing power when selecting application security tools. Development teams are now more involved in decision-making, and security professionals must act as strategic advisors during tool selection.

Focus on Next-Generation Attacks and Industry Priorities

Next-gen software supply chain attacks, such as dependency confusion, typo-squatting, brandjacking, and protestware, have seen explosive growth. The report urges organizations to invest in SCA products that detect malicious packages and block them from entering their software supply chains.

Different industries prioritize specific application security technologies based on their unique threat landscapes. Manufacturing and retail sectors focus on mobile application security, while financial services emphasize client-side code protection. Understanding these priorities can help organizations better tailor their security strategies to suit their industry's needs.

In a rapidly changing digital landscape, securing applications has become a top priority for organizations. Forrester's report, "The State of Application Security, 2023," provides valuable insights into the challenges and opportunities in this domain. It emphasizes the need for collaboration between security, development, and operations teams, and for the adoption of advanced security tools such as SCA and IaC scanning to protect against emerging threats.

That's it for now; the full report has much more to explore!

Want to dive deeper into the findings and recommendations?

Download the 20-page complimentary report from Forrester to understand the state of application security in 2023.