Winter 2020 Update: the 2019 Application Protection Report was written over the course of 2019 and based on data from the 2018 calendar year. At the end of 2019, in preparation for continuing our research in 2020, we collected and examined public breach notifications from 2019. These new data validated our findings from the previous year, and in some cases indicated that trends we identified are accelerating. While we will unpack all of the signs in our forthcoming 2020 research series, we have included our latest findings, particularly with respect to data breaches, in a 2nd Edition of the 2019 APR Executive Summary. We hope this fresh intel is useful to you while we read the signs and work on the 2020 report!
This is the 2019 Application Protection Research Series in its most distilled form. We’ve taken the information and conclusions contained in the episodes, boiled them down to their essences, and tied them together to form a single, brief overview of the 2018 application threat landscape. One of the goals of the Application Protection Research Series is to place all threats and trends within the same big picture and over the same timeframe, to help practitioners incorporate new information into their current work. This perspective has the added advantage of allowing us to see links between trends that might seem disparate on the surface, like the popularity of PHP injection and the growth of APIs, and to begin to address the underlying phenomena driving those trends.