2015 Application Security Survey, Part 1: Defender Issues

  • Wednesday, May 13th, 2015 at 1:00 PM EDT (17:00:00 UTC)
  • Eric Johnson, Will Bechtel, Robert Hansen and Brian Maccaba

  • Hewlett Packard
  • Qualys
  • Veracode
  • Waratek
  • WhiteHat Security


In today's world where applications are distributed through cloud and mobile platforms, the risks to vulnerable applications are multiplying. Application managers are looking for ways to consolidate controls around their disparate applications and assign the proper staff, leadership and workflow processes to do this.

Based on the 2014 Application Security Programs and Practices survey, application security is on the rise, with 83% of 488 respondents reporting some sort of application security program in place (up from 66% in SANS' 2013 survey). In the 2014 survey, respondents' primary focus for their security programs was around web applications.

This year's survey intends to find out how the rise of mobility and cloud applications is changing respondents' application security program efforts and to gather best practice advice for secure management of disparate applications throughout their lifecycle.

This first session of a two-part webcast will focus on the management issues surrounding application security. Part 2, held on Thursday, May 14, will focus on issues in application development.

Attend this webcast and the Part 2 webcast to explore such issues as:

  • Responsibility for security of applications
  • Application life cycle management
  • Visibility into internal applications compared to those hosted in the cloud
  • Degree to which organizations manage mobile apps and the associated risks
  • Outsourcing of application security/management
  • Application frameworks and how security is integrated into those frameworks
  • Performance of existing appsec programs
  • Future plans

Your attendance ensures that you'll be among the first to receive the associated whitepaper written by Jim Bird with input from Frank Kim and Eric Johnson.

Speaker Bios

Eric Johnson

Eric is a co-founder and principal security engineer at Puma Security focusing on modern static analysis product development and DevSecOps automation. His experience includes application security automation, cloud security reviews, static source code analysis, web and mobile application penetration testing, secure development lifecycle consulting, and secure code review assessments.

Previously, Eric spent 5 years as a principal security consultant at an information security consulting firm helping companies deliver secure products to their customers, and another 10 years as an information security engineer at a large US financial institution performing source code audits.

As a Certified Instructor with the SANS Institute, Eric authors information security courses on DevSecOps, cloud security, secure coding, and defending mobile apps. He serves on the advisory board for the SANS Security Awareness Developer training program, delivers security training around the world, and presents security research at conferences including SANS, BlackHat, OWASP, BSides, JavaOne, UberConf, and ISSA.

Eric completed a bachelor's degree in computer engineering and a master's degree in information assurance at Iowa State University, and currently holds the CISSP, GWAPT, GSSP-.NET, and GSSP-Java certifications.

Will Bechtel

Will Bechtel is the director of product management for the Web Application Scanning and Malware Detection Service at Qualys. Prior to joining Qualys, Will was the application security practice lead for AT&T's Security Consulting and a senior consulting manager in the Application Security Practice for VeriSign's Global Security Consulting. Will has extensive experience working with organizations worldwide to enhance application security programs.

Robert Hansen

Robert Hansen is vice president of WhiteHat Labs at WhiteHat Security. He's the former chief executive of SecTheory and Falling Rock Networks, which focused on building a hardened OS. Robert began his career in banner click fraud detection and has provided managed security services and served as a senior global product manager of Trust and Safety. Robert co-authored "XSS Exploits" (Syngress Publishing) and wrote the eBook "Detecting Malice." He is a member of WASC, APWG, IACSP and ISSA, and has contributed to several OWASP projects, including originating the XSS Cheat Sheet. His passion is breaking web technologies to make them better.

Brian Maccaba

Brian Maccaba, Waratek CEO, brings more than 25 years’ experience to the role. Brian has founded five technology companies during his career. He is renowned for his ability to spot disruptive technologies and was one of the first CEOs to recognize the potential of the Internet for revolutionizing the financial services industry. He led his former company, Cognotec, to develop AutoDeal, a pioneering web-based foreign exchange trading platform that was adopted by more than 60 banks worldwide. London Institutional Investor magazine named Brian among the top 30 individuals in Europe and Asia who were harnessing the Internet to transform the financial services industry.
