


Enhanced Application Security for the Financial Industry

  • Tuesday, January 17, 2017 at 1:00 PM EST (2017-01-17 18:00:00 UTC)
  • Mike Ware, Steve Kosten


  • Synopsys




Application security is a growing concern for all businesses embracing a digital transformation, but in the financial sector, it is a top-level priority. With cyberattacks increasing in frequency and sophistication, financial institutions face the challenge of securing diverse portfolios of web and mobile applications that handle high volumes of transactions and sensitive data.

Organizations in the financial services industry go to great lengths to secure their applications, from adhering to industry standards and best practices to investing in penetration testing and web application firewalls. Despite these efforts, many AppSec initiatives fall short and fail to adequately secure business-critical applications.

So, what can be done to move the needle? The best answer today is to use a secure software development lifecycle (SDLC). Whether developing applications in-house, outsourcing development or purchasing applications from outside vendors, a financial institution must be able to ensure that secure development practices are being followed.

In this webcast, you will learn about the elements of a secure SDLC and why baking in proactive security controls early in the lifecycle is the best hedge against bugs that could be devastating if released into the wild. Attendees will also learn more about requirements and standards, as well as best practices for financial services development and consequences for poor practices.

Click here to be among the first to receive the associated whitepaper written by SANS expert Steve Kosten on this topic.

Speaker Bios

Steve Kosten

Steve Kosten, an instructor for SANS’ DEV541 Secure Coding in Java/JEE: Developing Defensible Applications course, holds the GSSP-JAVA, GWAPT, CISSP and CISM certifications. Experienced in secure code review, vulnerability assessment, penetration testing and risk management, he is a security consultant at Cypress Data Defense. Steve previously performed security work in the defense and financial sectors, and headed up the security department for a financial services firm. A frequent presenter at security-related conferences, he is currently leader of the Denver chapter of the Open Web Application Security Project (OWASP).

Mike Ware

Mike Ware leads Cigital's Southeast Practice in Atlanta, Georgia, where he advises clients on establishing and maturing software security initiatives. He joined Cigital in 2008 and has successfully led Cigital's largest software security implementations, particularly in the financial and healthcare sectors. Mike leverages a unique background in software engineering, information security and management consulting when advising CISOs on cost-effectively scaling security practices to manage business risks. In 2011, Mike served as Cigital's inaugural Static Analysis Practice director, where he developed Cigital's offerings and led teams responsible for Cigital's largest static analysis implementations. As a leader of Cigital's Southeast management team, Mike is responsible for delivery operations and account management.
