
Forrester’s 2025 SAST Landscape report explains urgency of security software

A new report from independent research firm Forrester has several major findings. 

According to Forrester’s Static Application Security Testing Solutions Landscape, Q2 2025, the stakes couldn’t be clearer:

“In Forrester’s Security Survey, 2024, 16% of security decision-makers whose company suffered an external attack indicated that a web application exploit (e.g., SQL injection, XSS) was used to execute that attack.”

The Forrester report also states that over 50% of the vulnerabilities in the CISA Known Exploited Vulnerabilities (KEV) catalog in 2024 were API-related, up sharply from about 20% the year before. High-profile incidents — the MOVEit Transfer zero-day exploit and the exposed Trello API, for example — show that application-layer and API vulnerabilities are among the most common and consequential paths to compromise.


Contrast Security named in Forrester’s 2025 SAST Landscape

We’re proud to share that Contrast Security was included among the notable vendors in this report as one of 22 vendors shaping the future of static application security testing (SAST). In the report, Contrast is also marked for the Securing AI Applications extended use case.

Forrester asked each vendor included in the Landscape to select the top use cases for which clients choose them, and from those selections identified a set of extended use cases that differentiate vendors from one another. Contrast Security is shown in the report as having selected Securing AI Applications, one of those extended use cases, as a top reason clients work with Contrast.

As AI-generated code from tools like GitHub Copilot and ChatGPT accelerates development velocity, it also amplifies risk. These tools don’t write perfect code, and the security gaps they introduce are often inherited by everything built downstream. That’s why Contrast’s platform works at the speed of today’s businesses, identifying vulnerabilities and blocking attacks as they appear at runtime, rather than relying on point-in-time scans.


Why this matters

Software is more dynamic, distributed and AI-driven than ever before. That’s why the old model of scan-focused security doesn’t work. Companies need tools that:

  • Integrate into developer workflows

  • Provide real-time, contextual feedback

  • Reduce mean time to remediate (MTTR)

  • Prevent security debt from piling up

Contrast delivers on these expectations with its application security testing (AST) and Application Detection and Response (ADR) solutions.


A better way to secure software

We believe that when security moves at the speed of modern development, innovation accelerates. That’s why we’re building tools that let you see attacks, stop attacks, and secure your code — whether it’s written by a human, a bot or both.

To learn more about how Contrast secures AI applications and modern software, read the full Forrester report (available to Forrester subscribers or for purchase) or get in touch with our team. 

Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read Forrester’s statement on objectivity.


Contrast Marketing
