Taking Control of Your Application Security

  • Tuesday, January 10th, 2017 at 3:00 PM EST (20:00:00 UTC)
  • Eric Johnson and Lance Spitzner
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account.


How do organizations take control of their application security? Chances are, at any given moment, your organization's applications are under attack. The bad guys see your applications as the front door, and a single bad line of code allows them entry. Through a mobile app, web application, or REST API, attackers can pivot to a backend database, your business partner's workstation, or even a payment processing vendor. As development teams continue to push new applications to web, mobile, and cloud environments, the need for an application security program is at an all-time high.

Here's the problem: the application security space has nearly twice as many job openings as candidates. For every 100 developers, there are roughly 10 operations team members and only 1 security professional.

Explore the real-world impact of application security breaches, discuss some alarming statistics and trends, and walk through a series of practical steps for building security into applications from the beginning. Attendees will walk away with actionable ideas and recommended practical tools to help improve their application security program.

Speaker Bios

Eric Johnson

Eric Johnson, the Application Security Curriculum product manager at SANS, is the lead author and instructor for DEV544 Secure Coding in .NET, as well as an instructor for DEV541 Secure Coding in Java/JEE. A senior security consultant at Cypress Data Defense, Eric's experience includes web and mobile application penetration testing, secure code review, risk assessment, static source code analysis, security research and developing security tools. He currently holds the CISSP, GWAPT, GSSP-.NET and GSSP-Java certifications.

Lance Spitzner

Lance Spitzner has over 20 years of security experience in cyber threat research, awareness and training. He invented the concept of honeynets, founded the Honeynet Project and published three security books. Lance has worked and consulted in over 25 countries and helped over 350 organizations plan, maintain and measure their security awareness programs. In addition, Lance is a member of the Board of Directors for the National Cyber Security Alliance, a frequent presenter and a serial tweeter (@lspitzner), and he works on numerous community security projects. Before working in information security, Mr. Spitzner served as an armor officer in the Army's Rapid Deployment Force and earned his MBA from the University of Illinois.
