Top 10 Application Security Testing Services Ranked in Gartner Report

Data breaches can cost companies millions in business losses or even legal damages even as cyber-criminals ramp up their efforts to break into networks to steal data or hold it for ransom. To thwart cyber-attackers, enterprises are investing in application security testing services that look for application vulnerabilities and stress test security defenses. But there are an increasing number of companies offering security testing services making to more difficult to find capable firms prepared provide services at an affordable cost. The Gartner IT industry recently released a Magic Quadrant evaluation identifying the companies with the best offerings. This slide show will share the top companies identified by Gartner in its report.

Micro Focus’ application security testing service stands at the top of this year’s Gartner Magic Quadrant. The company, one of five in the “Leaders” category, earned the highest marks for its “completeness of vision”—a measure of its market understanding and strategy. It landed just behind CA Technologies’ Veracode for “ability to execute,” which evaluates brands on sales execution, marketing effectiveness, and overall product appeal, among other factors.

CA Technologies’ Veracode is another high-performing application security testing provider at the top rung of Gartner’s Magic Quadrant. It took third place for its “completeness of vision” behind Micro Focus and Synopsys. However, Veracode was able to earn the top spot for its ability to execute. It’s firmly rooted in the “Leaders” quadrant. 

Synopsys was among the industry giants in the “Leaders” category, thanks to its second-place finish in its “completeness of vision.” However, Gartner found the company was the lowest performer of all the Leaders in its ability to execute. 

Checkmarx found itself firmly rooted in the middle of the “Leaders” category. The company was able to win the third spot among all companies for its “ability to execute” and took third place for its “completeness of vision.” However, its smaller market share pushed it closer to the “Challengers” category than most.

IBM is the fifth and final company to find its way into the “Leaders” category in Gartner’s Magic Quadrant. The company was in fourth place for its “ability to execute,” topping Synopsys. Its “completeness of vision,” however, is a bit behind those of its competitors and earned the company a fifth-place result in that measure.

WhiteHat Security is the leading contender in the group of “Challengers” from Gartner’s Magic Quadrant on Application Security Testing. The company’s services are tops among Challengers for its “completeness of vision” and stands above the other companies for its “ability to execute.” Still, in every measure, WhiteHat Security is behind the market leaders.

Rapid7 is next up in the “Challengers” category. The company is far behind WhiteHat Security for its “completeness of vision,” but tops the third and final Challenger, Qualys. In its evaluation of Rapid7’s “ability to execute,” Gartner found that it took eighth place overall behind both WhiteHat Security and Qualys.

Qualys finds itself in the third spot in the “Challengers” section of Gartner’s Magic Quadrant. The company performed relatively well—seventh place overall—in its “ability to execute,” putting it ahead of Rapid7 and just behind WhiteHat Security. However, for “completeness of vision,” Qualys is in last place of all 12 companies Gartner evaluated.

Contrast Security has the distinction of being the only company in the Magic Quadrant to land in the “Visionaries” category. The company earned that designation for having an exceedingly strong “completeness of vision” that actually put it ahead of all of the market’s “Challengers.” However, with a third-to-last “ability to execute,” Contrast Security has some catching up to do to there to move into the “Leaders” category.

Positive Technologies is one of the three companies in the “Niche Players” quadrant along with Trustwave and SiteLock. Positive was tops among those companies for its “completeness of vision” but landed in the middle between Trustwave and SiteLock for its “ability to execute.”