The Dynamic application security testing (DAST) Market is expected to reach a CAGR of 24.3% during the forecast period (2021-2026). The increasing number of web-based applications and mobile applications need for faster deployment, and the robust maintenance of these applications and continuously increasing cyber-attacks are some of the major factors driving the growth of the market.
- Besides, the shift towards modern web-services architectures has led to broader adoption of API use, and thus organizations are significantly more exposed to the attackers. For instance, In 2019, Personal data of over 100 million users of the Indian search service named JustDial was exposed after an unprotected database was found online. The leaked data contained was collected in real-time from every customer who accessed the service via its website, mobile app, or even by calling, and includes usernames, email addresses, mobile numbers, addresses, occupation, and photos.
- Furthermore, Necro, the android trojan has quickly risen to the top due to the CamScanner application available on the Google Play store. The application had more than 100 million installations, CamScanner is one of the most popular document-to-pdf applications on the app store. This entire user base was instantly exposed to a malicious backdoor once the developers of the application unknowingly switched their ads library to a backdoored one infected with Necro. Adware continues to be one of the most lucrative business models for mobile malware authors.
- The increased deployment of DevOps has also enabled DAST solutions to be incorporated in the software development lifecycle and thus have increased the applicability across industries. This has eased out the process of integration along with other benefits such as cloud deployment, Continuous & On-Demand Risk Assessments, safe production, and AI-enabled verification. This in turn results in reducing the number of false positives and therefore saves a lot of cost for the organization. Moreover, the emphasis on prevention more than relying on detection and remediation is expected to boost the demand for dynamic application security testing solutions.
- Countries across the world have implemented precautionary measures due to the ongoing spread of coronavirus. The majority of people are working and learning from home. This has resulted in a rise in the adoption of video communication platforms. In the past four months, the new domain registration on these video communication platforms, including Zoom, has rapidly increased. According to the Checkpoint Security march 30th published report, since January 2020, more than 1700 new domains have been registered, 25% of which have been recorded in the first week of March 2020. This has resulted in increased cyberattacks and is expected to boost the market for DAST in the long term.
Key Market Trends
BFSI is Expected to Witness Significant Growth
- The rapid adoption of cloud infrastructure and third-party applications, the trend towards open banking has led to increased emphasis on application security testing. Big players in the BFSI industry are revamping third party data access due to security threats. For instance, in January 2020, JPMorgan Chase announced that it would ban third-party apps from accessing customer passwords.
- In February 2020, London-based Finastra, one of the largest fintech companies, mentioned partnering with Synopsis for the adoption of cloud-based security solutions for all its online banking applications. To date, Finastra has a customer base of more than 9,000 banks and financial institutions.
- Moreover, mobile banking malware requires little technical knowledge to develop and even less to operate. The malware searches for a banking app on the infected device and creates a fake overlay page once the user opens it. The user will then enter the user's credentials, sending it directly to the attacker's server. The increasing sophistication of cyber-attacks has also resulted in increased adoption of security testing solutions.
- In July 2019, a hacker gained access to personal information of around 106 million customers of financial corporation Capital One - the third-largest issuer of credit cards in the United States by exploiting a misconfigured web application firewall. It included 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, in addition to an undisclosed number of people's names, addresses, credit scores, credit limits, balances, and other information, according to the bank and the US Department of Justice.
North America is Expected to Hold Major Share
- The region is expected to dominate the dynamic application security testing market driven by the United States, which is the global technological leader. Its higher dependence on cloud-based applications and investments by players in the country in security solutions are driving the demand for security-as-a-service (SaaS) in the United States.
- Moreover, cyberattacks in North America are rising rapidly and have reached an all-time high, primarily owing to the rapidly increasing number of connected devices in the region. In the United States, consumers are using public clouds, and many of their mobile applications are preloaded with their personal information for the convenience of banking, shopping, communication, etc.
- The bandwidths that 5G enables are expected to drive an explosion in numbers of connected devices and applications. eHealth applications will collect data about users’ well-being, whereas Smart city applications will receive information about how users live their lives. The ever-growing volume of personal data will need to be protected against breaches and theft. Therefore vendors from various industries in the region are incorporating security testing solutions in the early stages of the software development lifecycle.
- According to Deccan Herald, the IT Technological giant Wipro invested in the US-based cybersecurity company Vectra Networks and the fraud prevention firm, Emailage Corporation, in order to establish a cyber defense platform. Wipro also invested USD 8.83 million in application security company Denim Group.
The market for dynamic application security testing market is moderately fragmented owing to the presence of global players in the market. Automating the process of testing with the integration of AI and machine learning is expected to provide a sustainable competitive advantage to the players. The required high investment and technology are significant barriers to the entry of new players in the market.
- In February 2020, WhiteHat Security Inc., an independent subsidiary of NTT Ltd. and an application security provider, announced expanding its presence and product offerings in the Australian market after securing a significant amount of business in the region. The expansion includes a top-four Australian financial services company.
- In November 2019, IBM corporation announced Cloud Pak for Security to connect with any security tool cloud or on-premise system, without moving data from its source. The platform also includes open-source technology for hunting threats and automation capabilities to speed up the identification process for cyberattacks.
- The market estimate (ME) sheet in Excel format
- 3 months of analyst support
This product will be delivered within 2 business days.
Table of Contents
1.2 Scope of the Study
4.2 Industry Value Chain Analysis
4.3 Industry Attractiveness - Porter's Five Forces Analysis
4.3.1 Bargaining Power of Suppliers
4.3.2 Bargaining Power of Consumers
4.3.3 Threat of New Entrants
4.3.4 Threat of Substitute Products
4.3.5 Intensity of Competitive Rivalry
4.4 Market Drivers
4.4.1 Growing Adoption of Third-Party Applications
4.4.2 Increasing Sophistication Level of Cyber-Attacks
4.5 Market Challenges
4.5.1 High Deployment Costs and the Need to Quickly Deploy Applications to End-Users
6.2 By Application**
6.2.1 Web Application Security
6.2.2 Mobile Application Security
6.3 By End-user Vertical
6.3.1 IT and Telecom
6.3.4 Government and Defense
6.4.1 North America
6.4.3 Asia Pacific
6.4.4 Middle East and Africa
6.4.5 Latin America
7.1.1 IBM Corporation
7.1.2 Micro Focus International PLC
7.1.3 Synopsys, Inc.
7.1.4 Veracode, Inc.
7.1.5 WhiteHat Security, Inc.
7.1.6 Accenture PLC
7.1.7 Pradeo Security Systems SAS
7.1.8 Rapid7 Inc.
7.1.9 Tieto Corporation
7.1.10 Trustwave Holdings, Inc.
A selection of companies mentioned in this report includes:
- IBM Corporation
- Micro Focus International PLC
- Synopsys, Inc.
- Veracode, Inc.
- WhiteHat Security, Inc.
- Accenture PLC
- Pradeo Security Systems SAS
- Rapid7 Inc.
- Tieto Corporation
- Trustwave Holdings, Inc.