Application Breaches and Lifecycle Security: SANS 2017 Application Security Survey, Part 2

  • Wednesday, October 25th, 2017 at 1:00 PM EST (17:00:00 UTC)
  • Frank Kim, Anthony Bettini and Ryan O'Leary

Sponsors

  • Rapid7 Inc.
  • Synopsys
  • Tenable
  • Veracode
  • WhiteHat Security

Overview

The first part of the two-part Application Survey results webcast, on Tuesday, October 24 at 1 p.m. Eastern, focuses on the overall survey results. Click here to register for the Part 1 webcast. This webcast focuses more on the threats, how they spread and what organizations can do about them.

Breaches involving new, faster forms of development are having an impact on organizations hosting and developing these apps, according to results of the SANS 2017 Application Security survey.

For example, containerized apps, built on reusable, community-based components, had the most widespread impact on organizations experiencing breaches, while breaches of legacy apps were the most common, least widespread, and caused the least widespread damages. IoT-related applications and APIs also tended to be more widespread.

In this webcast, learn how these apps and their components are breached, and how organizations are mitigating these new threats in their development and operational environments. For example, learn:

  • The controls and technologies needed to enable agile business while protecting against rogue code and other risks
  • How to design security in from the beginning so that "agile" still means agile
  • How to plan a SecDevOps program with the future of faster and faster (continuous) DevOps cycles in mind

Register for this webcast and be among the first to gain access to the associated survey results whitepaper developed by Jim Bird, editor of the SANS Software Security Blog and co-author of DEV534: Secure DevOps: A Practical Introduction.

View the associated whitepaper here.

Speaker Bios

Frank Kim

Frank Kim leads the management and software security curricula for SANS, developing courses on strategic planning, leadership and application security. He is also a SANS certified instructor, helping to shape, develop and support the next generation of security leaders. Previously, Frank served as CISO at the SANS Institute, leading its information risk function, and as executive director of cybersecurity at Kaiser Permanente, where he built an innovative security program to serve one of the nation's largest not-for-profit health plans and integrated healthcare providers. Currently, as founder of ThinkSec, a security consulting and CISO advisory firm, Frank helps leaders develop business-driven security programs.


Anthony Bettini

Anthony Bettini is Senior Director of Software Engineering at Tenable, specializing in security automation and innovative security research. Prior to Tenable, he founded and served as CEO of FlawCheck, a container security firm acquired by Tenable in 2016. Anthony was also the founding CEO of Appthority, which won the "Most Innovative Company" distinction at RSA Conference 2012. Earlier in his career, he honed his security and leadership skills at Intel, McAfee, Foundstone, Guardent, Bindview, and Netect. A sought-after speaker at conferences such as Black Hat and RSA, Anthony was also technical editor for Hacking Exposed and holds several software patents.


Ryan O'Leary

Ryan O'Leary is the Chief Security Research Officer of the Threat Research Center and Technical Support at WhiteHat Security. He joined WhiteHat Security as an ethical hacker in 2007 and has since developed a breadth of experience finding and exploiting web application vulnerabilities and configuring automated tools for testing. Ryan manages a team of over 150 security engineers, based in three locations over two continents. He is also responsible for overseeing the delivery of WhiteHat Sentinel, which services over 10,000 customer websites. Under Ryan's leadership, the team has built a one-of-a-kind database that combines details of more than 26M vulnerability patterns with proprietary algorithms to assess the threat level.
