API protection products protect APIs from exploits, abuse and access violations, and assist in remediating API exposures. These products perform API discovery and posture management and provide runtime protection. API protection products may be delivered as cloud-based or on-premises solutions. They serve organizations that need to protect their data assets, primarily from attacks against the first-party APIs they expose publicly. The products also need to provide coverage for the internal APIs and the third-party APIs that these organizations may consume. API protection products deliver a catalog of inventoried APIs, a prioritized list of remediations of API exposures and alerts on suspicious or malicious activity on APIs.
Gartner defines the application security testing (AST) market as the buyers and sellers of products and services designed to analyze and test applications for security vulnerabilities. This market is highly dynamic and continues to experience rapid evolution in response to changing application architectures and enabling technologies. AST tools are offered either as software-as-a-service (SaaS)-based subscription offerings or, less often, as on-premises software. Many vendors offer both options.
The mobile AST market is composed of buyers and sellers of products and services that analyze and identify vulnerabilities in applications used with mobile platforms (iOS, Android and Windows 10 Mobile) during or post development. Many variations and flavors of techniques exist, but fundamentally mobile AST solutions test applications in three main ways: (1) SAST: These solutions statically analyze the source, binary or bytecode of an application to identify vulnerabilities. (2) Behavioral testing: Mobile AST solutions use behavioral analysis to observe the behavior of the app during runtime and identify actions that could be exploited by an attacker. (3) DAST: These solutions also use dynamic analysis to test the app in its runtime state. DAST simulates attacks against an application and analyzes the application's reactions, determining whether it is vulnerable.