


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account. Once you register, you can download the presentation slides.

Application Breaches and Lifecycle Security: SANS 2017 Application Security Survey, Part 2

  • Wednesday, October 25, 2017 at 1:00 PM EST (2017-10-25 17:00:00 UTC)
  • Frank Kim, Anthony Bettini, Ryan O'Leary


  • Rapid7 Inc.
  • Synopsys
  • Tenable
  • Veracode
  • WhiteHat Security




The first part of the two-part Application Survey results webcast, on Tuesday, October 24 at 1 p.m. Eastern, focuses on the overall survey results. This webcast focuses more on the threats, how they spread and what organizations can do about them.

Breaches involving new, faster forms of development are having an impact on organizations hosting and developing these apps, according to results of the SANS 2017 Application Security survey.

For example, containerized apps (built on reusable, community-based components) had the most widespread impact on organizations experiencing breaches, while breaches of legacy apps were the most common, least widespread, and caused the least widespread damages. IoT-related applications and APIs also tended to be more widespread.

In this webcast, learn how these apps and their components are breached, and how organizations are mitigating these new threats in their development and operational environments. For example, learn:

  • The controls and technologies needed to enable agile business while protecting against rogue code and other risks
  • How to design security in from the beginning so that "agile" still means agile
  • How to plan a SecDevOps program with the future of faster and faster (continuous) DevOps cycles in mind

Register for this webcast and be among the first to gain access to the associated survey results whitepaper developed by Jim Bird, editor of the SANS Software Security Blog and co-author of DEV534: Secure DevOps: A Practical Introduction.


Speaker Bios

Frank Kim

Frank is the Founder of ThinkSec, a security consulting and CISO advisory firm, as well as a SANS Fellow and lead for both the SANS Management and SANS Cloud Security curricula, overseeing two dozen SANS courses in the two fastest growing curricula. Previously, as CISO at the SANS Institute, Frank led the information risk function for the most trusted source of computer security training and certification in the world. Frank is also the author and instructor of MGT512: Security Leadership Essentials for Managers, MGT514: Security Strategic Planning, Policy, and Leadership, and co-author of SEC540: Cloud Security and DevOps Automation.

Anthony Bettini

Anthony Bettini is Senior Director of Software Engineering at Tenable, specializing in security automation and innovative security research. Prior to Tenable, he founded and served as CEO of FlawCheck, a container security firm acquired by Tenable in 2016. Anthony was also the founding CEO of Appthority, which won the "Most Innovative Company" distinction at RSA Conference 2012. Earlier in his career, he honed his security and leadership skills at Intel, McAfee, Foundstone, Guardent, Bindview, and Netect. A sought-after speaker at conferences such as Black Hat and RSA, Anthony was also technical editor for Hacking Exposed and holds several software patents.

Ryan O'Leary

Ryan O'Leary is the Chief Security Research Officer of the Threat Research Center and Technical Support at WhiteHat Security. He joined WhiteHat Security as an ethical hacker in 2007 and has since developed a breadth of experience finding and exploiting web application vulnerabilities and configuring automated tools for testing. Ryan manages a team of over 150 security engineers, based in three locations over two continents. He is also responsible for overseeing the delivery of WhiteHat Sentinel, which services over 10,000 customer websites. Under Ryan's leadership, the team has built a one-of-a-kind database that combines details of more than 26M vulnerability patterns with proprietary algorithms to assess the threat level.
