With web applications now a primary attack vector, SANS has received thousands of requests for more information to help the infosec community adapt traditional network-layer defense-in-depth techniques to include more focus on the application layer. This set of working papers will provide up-to-date information from industry thought leaders and enterprise pros already leading the application security charge in the trenches. If you are interested in contributing a paper for consideration, please send an email to spa@sans.org.
In addition to the working papers, SANS is now providing a variety of application security and secure coding training. To provide a way to measure skills of suppliers and employees, GIAC has also developed several critical certifications for pen testers, web app security and developers.
Projects like the Top 25 Most Dangerous Programming Errors and the Consensus Audit Guidelines are also providing guidelines and content.
SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
Featuring the following papers
