5 Key Steps for Building an AppSec Program
- Frank Kim & Eric Johnson
- Tuesday, July 25th, 8:15pm - 9:15pm
How do organizations take control of their application security? Chances are, at any given moment, your organization's applications are under attack. The bad guys see your applications as the front door, and a single bad line of code allows them entry. Through a mobile app, web application, or REST API, attackers can pivot to a backend database, your business partner's workstation, or even a payment processing vendor. As development teams continue to push new applications to web, mobile, and cloud environments, the need for an application security program is at an all-time high.
Here's the problem: the application security space has nearly twice as many job openings as candidates. For every 100 developers, there are roughly 10 operations team members and only 1 security professional.
Explore the real-world impact of application security breaches, discuss some alarming statistics and trends, and walk through a series of practical steps for building security into applications from the beginning. Attendees will walk away with actionable ideas and recommended practical tools to help improve their application security program.
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
- Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.
Sunday, July 23
| Session | Speaker | Time | Type |
|---|---|---|---|
| SANS Technology Institute Commencement | — | Sunday, July 23rd, 5:00pm - 7:00pm | Special Events |
Monday, July 24
| Session | Speaker | Time | Type |
|---|---|---|---|
| General Session - Welcome to SANS | Johannes Ullrich | Monday, July 24th, 8:00am - 8:30am | Special Events |
| State of the Internet Panel Discussion | ISC Handlers | Monday, July 24th, 7:15pm - 9:15pm | Keynote |
Tuesday, July 25
| Session | Speaker | Time | Type |
|---|---|---|---|
| Coffee & Donuts with the Graduate School | — | Tuesday, July 25th, 7:30am - 9:00am | Special Events |
| Stop the Exploits. Stop the Attacks. Keep threats off your devices, before they can run | David Gurganious, Enterprise Sales Engineer | Tuesday, July 25th, 12:30pm - 1:15pm | Lunch and Learn |
| Cyber Threat Intelligence: Big Data Simplified. Operationalizing Threat Intelligence | Brian Roy, Sr. Security Engineer | Tuesday, July 25th, 12:30pm - 1:15pm | Lunch and Learn |
| Data Breaches on the Dark Web: Between Defense and Response | Alex Viana, VP of Engineering | Tuesday, July 25th, 12:30pm - 1:15pm | Lunch and Learn |
| Beyond usernames and passwords. Securing cloud services in a mobile world. | James Plouffe, Lead Solutions Architect | Tuesday, July 25th, 12:30pm - 1:15pm | Lunch and Learn |
| Adaptive Network Automation in Support of Cyber Defense | Richard Larkin, Senior Network Engineer, NetBrain Technologies, Inc. | Tuesday, July 25th, 12:30pm - 1:15pm | Lunch and Learn |
| GIAC Program Presentation | Jeff Frisk | Tuesday, July 25th, 6:15pm - 7:15pm | Special Events |
| So, You Wanna be a Pentester? | Adrien de Beaupre | Tuesday, July 25th, 7:15pm - 8:15pm | SANS@Night |
| The Three C's to Building a Mature Awareness Program | Lance Spitzner | Tuesday, July 25th, 7:15pm - 8:15pm | SANS@Night |
| Peas and Carrots | Heather Mahalik & Philip Hagen | Tuesday, July 25th, 7:15pm - 8:15pm | SANS@Night |
| Espionage, Influence Operations and Political Breaches: What Do the High Profile Attacks Teach Us About Enterprise Security | John Bambenek, ISC Handler | Tuesday, July 25th, 8:15pm - 9:15pm | SANS@Night |
| Securing Your Kids | Lance Spitzner | Tuesday, July 25th, 8:15pm - 9:15pm | SANS@Night |
| 5 Key Steps for Building an AppSec Program | Frank Kim & Eric Johnson | Tuesday, July 25th, 8:15pm - 9:15pm | SANS@Night |
| Offensive Digital Forensics | Alissa Torres | Tuesday, July 25th, 8:15pm - 9:15pm | SANS@Night |
| Auto-Nuke it from Orbit: A Framework for Critical Security Control Automation | Jeremiah Hainly, Master's Degree Candidate | Tuesday, July 25th, 8:15pm - 8:55pm | Master's Degree Presentation |
Wednesday, July 26
| Session | Speaker | Time | Type |
|---|---|---|---|
| Solutions Expo | — | Wednesday, July 26th, 12:00pm - 1:30pm | Vendor Event |
| Solutions Expo | — | Wednesday, July 26th, 5:30pm - 7:30pm | Vendor Event |
| Prioritizing Your Security Program | Keith Palmgren | Wednesday, July 26th, 7:15pm - 8:15pm | SANS@Night |
| Quality not Quantity: Continuous Monitoring's Deadliest Events | Eric Conrad | Wednesday, July 26th, 7:15pm - 8:15pm | SANS@Night |
| A Hunting We Will Go.... | John Strand | Wednesday, July 26th, 7:15pm - 8:15pm | SANS@Night |
| Ten Tenets of CISO Success | Frank Kim | Wednesday, July 26th, 7:15pm - 8:15pm | SANS@Night |
| Malware Analysis for Incident Responders: Getting Started | Lenny Zeltser | Wednesday, July 26th, 7:15pm - 8:45pm | SANS@Night |
| Defense Against the Dark Arts 12b: Defending Linux/Unix Against the Ransomware Threat | David Kennel, Master's Degree Candidate | Wednesday, July 26th, 7:15pm - 7:55pm | Master's Degree Presentation |
| Dos-No-More - An Automation Toolset for Upstream Mitigation of DOS and DDOS Attacks | Rob Vandenbrink, ISC Handler | Wednesday, July 26th, 8:15pm - 9:15pm | SANS@Night |
| Using Security Onion to Review Suspicious Network Traffic | Brad Duncan, ISC Handler | Wednesday, July 26th, 8:15pm - 9:15pm | SANS@Night |
| Making Sense of the Critical Security Controls in the Cloud | Eric Johnson | Wednesday, July 26th, 8:15pm - 9:15pm | SANS@Night |
| Three Keys to Mobile Security: Are You Doing Everything You Can to Protect Your Apps? | Gregory Leonard | Wednesday, July 26th, 8:15pm - 9:15pm | SANS@Night |
Thursday, July 27
| Session | Speaker | Time | Type |
|---|---|---|---|
| How to Become a SANS Instructor | Eric Conrad | Thursday, July 27th, 12:30pm - 1:15pm | Lunch and Learn |
| Women's CONNECT Event | Hosted by SANS COINS program and ISSA WIS SIG | Thursday, July 27th, 6:00pm - 9:15pm | Special Events |
| Pwning NoSQL Applications for Fun and Profit | Bojan Zdrnja, ISC Handler | Thursday, July 27th, 7:15pm - 8:15pm | SANS@Night |
| Evolving Threats | Paul Henry | Thursday, July 27th, 7:15pm - 8:15pm | SANS@Night |
| You've Got Ransomware! Managing the Legal Risk of Cyber Fraud | Benjamin Wright | Thursday, July 27th, 7:15pm - 8:15pm | SANS@Night |
| Fun With NetFlow - What Are You Missing? | Lorna Hutcheson, ISC Handler | Thursday, July 27th, 7:15pm - 8:15pm | SANS@Night |
| IR Awakens | Tom Webb, ISC Handler | Thursday, July 27th, 8:15pm - 9:15pm | SANS@Night |
| Performing Cyber Threat Intelligence in Power Infrastructure | Manuel Humberto Santander Palaez, ISC Handler | Thursday, July 27th, 8:15pm - 9:15pm | SANS@Night |
| Infosec Rock Star: Geek Will Only Get You So Far | Ted Demopoulos | Thursday, July 27th, 8:15pm - 9:15pm | SANS@Night |
