A range of application security tools was developed to supportthe efforts to secure the enterprise from the threat posed by insecure applications. But in the ever-changing landscape of application security, how does an organization choose the right set of tools to mitigate the risks their applications pose to their environment? Equally important, how, when, and by whom are these tools used most effectively? This white paper examines the most common tools found in the enterprise application security environment:•Web application firewalls •Web application scanners•Source code analyzers