The application security space has grown significantly over the years, with hundreds of vendors and firms contributing to a market estimated to reach $7.6 billion by 2021. The most utilized application security practice is penetration testing, used by over 80% of respondents, followed by incident response teams and processes, and application vulnerability scanning. However, smaller companies tend to utilize fewer activities, with significant variations in the use of static analysis and threat modeling. Despite saturation in many methods, breaches still occur due to hacking. Bug bounty programs have emerged as a solution, leveraging top security researchers to augment automation solutions and find results beyond penetration testing, addressing challenges such as finding vulnerabilities that automated tools may miss.