Choose from Seven Cyber Security Courses at SANS Atlanta 2018. Save $200 thru 4/25.


To attend this webcast, login to your SANS Account or create your Account.

2015 Application Security Survey, Part 2: Builder Issues

  • Thursday, May 14th, 2015 at 1:00 PM EDT (17:00:00 UTC)
  • Eric Johnson, Maria Loughlin and Bruce Jenkins
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • Hewlett Packard
  • Qualys
  • Veracode
  • Waratek
  • WhiteHat Security

You can now attend the webcast using your mobile device!


In today's world where applications are distributed through cloud and mobile platforms, the risks to vulnerable applications are multiplying. Application managers are looking for ways to consolidate controls around their disparate applications and assign the proper staff, leadership and workflow processes to do this.

Based on the 2014 Application Security Programs and Practices survey, application security is on the rise, with 83% of 488 respondents reporting some sort of application security program in place (up from 66% in SANS' 2013 survey). In the 2014 survey, respondents' primary focus for their security programs was around web applications.

This year's survey intends to find out how the rise of mobility and cloud applications is changing respondents' application security program efforts and to gather best practice advice for secure management of disparate applications throughout their lifecycle.

Part 1 of this two-part webcast, held on Wednesday, May 13, will focus on the management issues surrounding application security. This second part of the webcast will focus on issues in application development.

Attend the Part 1 webcast, along with this webcast to explore such issues as:

  • Responsibility for security of applications
  • Application life cycle management
  • Visibility into internal applications compared to those hosted in the cloud
  • Degree to which organizations manage mobile apps and the associated risks
  • Outsourcing of application security/management
  • Application frameworks and how security is integrated into those frameworks
  • Performance of existing appsec programs
  • Future plans

Your attendance ensures that you'll be among the first to receive the associated whitepaper written by Jim Bird with input from Frank Kim and Eric Johnson.

View the associated analyst paper here.

Speaker Bios

Eric Johnson

Eric Johnson is a Principal Security Consultant at Cypress Data Defense where he leads secure software development lifecycle consulting, web and mobile application penetration testing, secure code review assessments, static source code analysis, security research, and security tools development. He also founded the Puma Scan static analysis open source project, which allows software engineers to run security-focused .NET static analysis rules during development and in continuous integration pipelines.

As a Certified Instructor with the SANS Institute, Eric authors application security courses on DevOps, cloud security, secure coding, and defending mobile apps. He serves on the advisory board for the SANS Securing the Human Developer awareness training program, delivers security training around the world, and has presented his security research at conferences including SANS, BlackHat, OWASP, BSides, JavaOne, UberConf, and ISSA.

Eric completed a bachelor of science degree in Computer Engineering and a master of science degree in Information Assurance at Iowa State University, and currently holds the CISSP, GWAPT, GSSP-.NET, and GSSP-Java certifications. He is located in West Des Moines, IA and outside the office enjoys spending time with his family, attending Iowa State athletic events, and playing golf.

Maria Loughlin

Maria Loughlin is Senior Vice President of Engineering at Veracode, where she manages the development and operations of Veracode's industry-leading Application Security software. In five years she has driven substantial growth in the product portfolio and the engineering team, scaling development practices and significantly expanding the technology stack. Loughlin has over 20 years' experience leading software development at high-growth technology, SaaS and web content companies. She most recently served as VP of Engineering at Memento Security and held prior leadership positions at Kronos, Open Market and Digital Equipment Corporation. She holds a Master's degree in computer science from Brown University and a bachelor's degree in electrical engineering from University College, Cork, Ireland.

Bruce Jenkins

Bruce Jenkins leads HP Fortify's security program and works regularly with customers on Software Security Assurance (SSA) program design, measurement and reporting. Since 2007 he has been building SSA solutions and collecting data on security program assessments across all industry sectors. Bruce has experience in managing software development and network operations, and he held CISO-, CSO- and CIO-equivalent positions during his 28-year U.S. Air Force career. Bruce is a CISSP, CSSLP and CISM, and he holds a BS in computer science and MS in management science.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.