Positive Technologies positioned in Gartner Magic Quadrant for Application Security Testing

Recognition of the company comes as it prepares to introduce exciting new features for businesses of all sizes, including further reductions in the burden of Enterprise-level AppSec

Positive Technologies has been positioned in the 2018 Gartner Magic Quadrant for Application Security Testing for its PT Application Inspector (PT AI) solution.

PT AI provides pinpoint accuracy in vulnerability detection through its unique combination of several AST methods (SAST, DAST, IAST and others) alongside proprietary verification and filtering technologies. It uncovers security flaws as well as undocumented features at different stages of the application lifecycle, supporting all types of applications for web, mobile, IoT and other platforms.

Positive Technologies believes that Gartner’s acknowledgement of the company at a relatively early stage in its AST solution development is testament to its innovative use of abstract interpretation technology to increase the accuracy of its results. From our perspective, this advanced approach enables PT AI to filter out false positives and automatically verify whether detected vulnerabilities can be successfully exploited. PT AI uses the same technology for behavioral analysis of mobile applications in both iOS and Android (for applications developed in C# using Xamarin, and Android Java).

PT Application Inspector is fully integrated with PT Application Firewall (PT AF). Gartner has previously positioned Positive Technologies as Visionary in its Magic Quadrant for Web Application Firewalls from 2015-2017.

The integration between PT AI and PT AF allows organizations to generate instant, automated virtual patches in their WAF which protect applications from attacks that exploit the vulnerabilities identified by PT AI. This ensures business continuity, while buying time for developers to fix the source code flaws.

PT also boasts other features that alleviate pressure on application development and security teams, including automated verification of vulnerabilities, filtering and prioritization of scan results, and support for incremental scanning, which reduces turnaround times for apps that require frequent assessment. Moreover, to support widely adopted DevOps practices, PT AI can be seamlessly added to continuous integration (CI), and continuous delivery (CD) processes without delivery delays or changes to established working patterns.

Positive Technologies is confident that its commitment to flexibility and quality customer support was reflected in its position within the Magic Quadrant.

“PT Application Inspector is a relatively young product but we are already getting major recognition for its innovation and how we are helping customers,” said EVP at Positive Technologies. “To us, being positioned as a Niche Player in the Magic Quadrant is a great start and we have exciting developments coming throughout the year that we think will build on this achievement. We feel that we share Gartner’s vision of the market and we are working hard to add functionality that actively addresses the market’s demands and needs.”

PT AI has already started bringing benefits to customers ranging from a large European electronics retail chain with multiple online stores, to an e-procurement platform serving tens of thousands of suppliers and buyers, a global provider of multi-channel consumer finance, and a bank with over two million individual customers and 50,000+ business customers.

One such customer is Fortune 500 company, Tech Data, one of the world’s largest distributors of IT products and Services. “PT Application Inspector has become an integral part of our ongoing security testing program for dozens of web applications,” says Juergen Streit, Director of Worldwide IT Security for Tech Data. “It filters out false positives and irrelevant results, allowing us to really optimize our AST processes and focus our time on tackling real threats instead of searching for them like a needle in a haystack.”

In addition, work is underway to implement other exciting new PT AI features, including an upgrade of the virtual patching technology. The new-look Runtime Virtual Patching (RVP) will detect attacks in real time with actual user input, but without impacting application functionality and performance. Upcoming releases of PT AI will also support new languages including Objective C, Swift, JavaScript, Scala, and C\C++; as well as search integration with the National Vulnerability Database to improve CVE vulnerability detection.

Gartner, “Magic Quadrant for Application Security Testing,” Ayal Tirosh, Dionisio Zumerle, Mark Horvath, 19 March 2018.

Gartner, “Magic Quadrant for Web Application Firewalls,” Jeremy D’Hoinne, Adam Hils, et al., 7 August 2017.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.