Gold: QualysGuard WAS, Qualys Inc.
Between unpatched commercial Web applications and custom-built ones that are inherently weak, most enterprises struggle to identify and remediate issues before attackers find and exploit them. However, plenty of vendors are stepping in to help enterprises fill (or prevent) the breach.
Top among them, according to our readers, is the QualysGuard Web Application Scanning (WAS) cloud service from Qualys Inc. After discovering and cataloging the Web applications in use within an organization (both on-premises and in the cloud), WAS assesses each application's security status, identifies design flaws, unpatched holes and malware, and spins out a comprehensive report that security and DevOps teams can use to prioritize and address remediation efforts. The product also offers a variety of APIs so that scan data can be provided to other security and compliance systems.
In awarding WAS the 2013 Readers' Choice gold medal, readers lauded the ease with which the product can be implemented. Requiring no installation, the service can be quickly activated and applied to any number of Web applications. Respondents also gave WAS a high rating for its effectiveness in detecting and reporting known attacks and vulnerabilities.
Expert market reflection on category dynamics:
"Application security remains key in keeping enterprise data secure. It's great to see vendors coming up with innovative new ways of thwarting attacks. The continued development of new technologies will ensure further growth in the application security product market."
-- Michael Cobb, CISSP-ISSAP, Cobweb Applications Ltd.
Silver winner: Juniper Networks AppSecure, Juniper Networks Inc.
In the first runner-up spot is Juniper Networks Inc.'s AppSecure, a set of appliance-based application security capabilities that work in tandem with the networking vendor's SRX Series Services Gateways in both branch network and data center deployments. Designed for high-performance, on-premises application environments, AppSecure's features include packet-level application data inspection and analysis, application policy management and enforcement, application traffic bandwidth management to facilitate network quality of service, application denial-of-service detection and mitigation at the network perimeter, and application attack defense with Juniper IPS integration. Readers praised the product's ability to detect and prevent known attacks.
Bronze winner: API Gateways, Layer7 Technologies Inc.
Layer7 Technologies Inc.'s set of API gateways, an extension of its SOA Application Gateway product for securely exposing and managing access to back-end applications via APIs, earns this year's application security bronze medal. The product offers an integrated Web, mobile and XML firewall, an API proxy for security and orchestration, a network gateway for integration with cloud-based applications and services, and support for numerous legacy protocols in addition to REST and JSON. Readers were particularly fond of the frequency with which the product is updated, and the ease with which it can be installed, configured and managed.