A perceptible multi-year shift among vendors offering a Web application security testing solution, sometimes referred to as dynamic application security testing, or DAST, has occurred year-over-year in our quantitative information security studies. This shift suggests that in the absence of acquisition, smaller pure-play WhiteHat Security is on a trajectory to overtake much larger competitors for enterprise usage. IBM and HP as recently as the 2013 study led the list of DAST vendors via their prior acquisitions of Watchfire and SPI Dynamics respectively, part of an application security strategy that also included code security analysis acquisitions.
In 2011 IBM captured nearly 6% of responses for being ‘in use’ among interviewees’ enterprises, followed by HP at 4%. Cenzic (more recently acquired by Trustwave) followed at a more distant third, with around 1%. Fast-forward to 2014, and Qualys is now the most-cited vendor in the space as traditional vulnerability assessment providers further invade the application security space. HP sits at 6%, as does IBM. WhiteHat Security, which first showed up in the study in 2012, is at 5% ‘in use,’ with a chance to grow 2 percentage points over the next year and a half based on the reported plans of information security managers.
Quotes from security managers using WhiteHat Security from the latest Information Security Study included the following:
- “WhiteHat has the ability to execute and the quality of the service they provide. Weakness is market penetration and source code analysis and being late to the game. I would like to see them more strategic into the overall security environment.” – LE, Financial Services
- “Their [WhiteHat Security's] product implementation had a few hiccups; we’re still struggling to implement it.” – LE, Consumer Goods/Retail
- “It [WhiteHat Security] works as advertised, does exactly what they say it will do. Tech support is weak; there is lack of availability. Getting the human can be a real challenge.” – MSE, Financial Services
- “We’re using WhiteHat for a few apps and will expand usage. They’re the leader in their space.” – LE, Other