Gartner defines the application security testing (AST) market as the buyers and sellers of products and services designed to analyze and test applications for security vulnerabilities. This market is highly dynamic and continues to experience rapid evolution in response to changing application architectures and enabling technologies. AST tools are offered either as software-as-a-service (SaaS)-based subscription offerings, or less often, as on-premises software. Many vendors offer both options.
The mobile AST market is composed of buyers and sellers of products and services that analyze and identify vulnerabilities in applications used with mobile platforms (iOS, Android and Windows 10 Mobile) during or post development. Many variations and flavors of techniques exist, but fundamentally mobile AST solutions test applications in three main ways: (1) SAST: These solutions statically analyze the source, binary or bytecode of an application to identify vulnerabilities. (2) Behavioral testing: Mobile AST solutions use behavioral analysis to observe the behavior of the app during runtime and identify actions that could be exploited by an attacker. (3) DAST: These solutions also use dynamic analysis to test the app in its runtime state. DAST simulates attacks against an application and analyzes the application's reactions, determining whether it is vulnerable.