The Beginnings of Application Security Testing


Posted January 31, 2018 by zaidinbutt

As the internet grew in popularity during the late 1980s, the Morris Worm infected about 6000 systems worldwide in 1988. This led DARPA to create CERT to address cybersecurity challenges, and to the introduction of firewall security tools.

The 90s saw a rapid rise in internet access and new website launches, with HTML code composition beginning in 1990. Internet security gradually improved, but Static Code Analysis tools have remained largely unchanged since Lint.

SATAN, renamed SANTA, became the first free software to scan for vulnerabilities in 1993.

Newer tools were developed, such as Nmap in the late 90s and Metasploit in the early 2000s. Black hat testing was used by organizations to check for security flaws, and by hackers to spot vulnerabilities in other systems.

1995 was a significant year for the WWW: Netscape released JavaScript for the creation of dynamic web pages, embedding scripts to be rendered on the client side, and the SSL protocol for securely sending data over public networks. In '95 it also launched the first bug bounty, an approach that gained popularity in the 2000s, to find security flaws before they could be exploited by hackers.

Flash animations were introduced in '96 to give the web a rich and dynamic look.

By 1999, JavaScript, Flash and web applications built with HTML had been introduced; they made the internet lively, but also paved the way for hackers.

2000 – 2010:

Commercial solutions were developed for organizations with the second generation of Static Code Analysis tools. Security was then handled by specialized security and testing teams rather than by the developers, who just wrote the code and came back after security testing to fix the original code before release. False positives had to be triaged manually, and bugs were fixed through patches, which became unfeasible for large organizations.

To create awareness about web application security, the Open Web Application Security Project, instituted in 2001, has listed the top 10 AppSec risks every 3 years, first in 2003, which helps organizations mitigate the most critical vulnerabilities.

PCI DSS, issued by the Payment Card Industry, set standards that encouraged automated security testing. Though development teams grew, security staff were unable to scale security testing, which led to many hacks: the "Samy worm" that attacked more than 1 million MySpace profiles through an XSS attack in 2005, the AOL incident affecting 650000 users in 2006, and the TJ Maxx breach that exposed the credit card numbers of 94 million users.