Build crucial cyber security skills through interactive training during SANS Cyber Security Mountain 2021. Save $150 thru 6/30.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Sorry, the slides for this webcast are not available for download.

Using Dynamic Scanning to Secure Web Apps in Development and After Deployment

  • Wednesday, May 31, 2017 at 1:00 PM EDT (2017-05-31 17:00:00 UTC)
  • Chris Kirsch, Barbara Filkins


  • Veracode

You can now attend the webcast using your mobile device!



Building secure web applications takes more than just testing the code to weed out flaws during development and keeping the servers on which it runs up to date.

Code is becoming more secure as security testing is pushed earlier in the development cycle, but public-facing web apps are still the main source of data breaches, according to 41% of respondents to the  2016 SANS Application Security Survey.

That may explain why the percentage of those respondents assigning vulnerability scanning to IT operations rather than development rose from 22 percent to 30 percent between 2015 and 2016.

To keep web apps secure, IT ops groups are increasingly adopting Dynamic Application Security Testing (DAST) tools that have long been a favorite of penetration testers and security auditors. The "black-box" testing approach of DAST allows scans without advanced knowledge of coding languages or techniques.

Many DAST tools are also able to find vulnerabilities that have nothing to do with code inconsistent or faulty server configurations, flaws in authentication and authorization schemes, or imperfect integration with firewalls and other security systems.

Register for this webcast to learn:

  •    How DAST tools can reduce dev costs and security flaws when used in both dev and ops environments.
  •    How to avoid organizational gaps between dev and ops that can make remediation difficult.
  •    How to identify quick wins by closing unsuspected gaps in security;
  •    How to automate and manage regular scans and create security baselines to be used as standards for vulnerability scanning and infrastructure planning.

Click here and you'll be among the first to receive an associated whitepaper with full analysis and explanation of these and other AppSec/vulnerability scanning issues and a Q&A for attendees with report author and SANS expert Barbara Filkins.

Speaker Bios

Barbara Filkins

Barbara Filkins, SANS Analyst Program Research Director, holds several SANS certifications, including the GSEC, GCIH, GCPM, GLEG and GICSP, the CISSP, and an MS in information security management from the SANS Technology Institute. She has done extensive work in system procurement, vendor selection and vendor negotiations as a systems engineering and infrastructure design consultant. Barbara focuses on issues related to automation—privacy, identity theft and exposure to fraud, plus the legal aspects of enforcing information security in today’s mobile and cloud environments, particularly in the health and human services industry, with clients ranging from federal agencies to municipalities and commercial businesses.

Chris Kirsch

Chris Kirsch has 20 years of experience in security, particularly in the areas of application security testing, security assessments, incident response and cryptography. Chris is a director in the product strategy group at Veracode. Previously, he managed Metasploit and incident response solutions at Rapid7 and held similar positions at Thales e-Security and PGP Corporation. Chris has spoken at various international conferences and is co-author of the book Database Encryption and Key Management for Microsoft SQL Server 2008.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.