

This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

John Pescatore Analyst Webcast - Actionable Tools for Convincing Management to Fund Application Security

  • Friday, October 04, 2013 at 1:00 PM EDT (2013-10-04 17:00:00 UTC)
  • John Pescatore, Jeremiah Grossman


  • WhiteHat Security




A 2012 SANS survey revealed that obtaining management buy-in and funding were the major obstacles to implementing an application security program. At the SANSFire conference in June 2012, SANS Director of Emerging Security Trends John Pescatore moderated an application security roundtable that focused on this issue. The consensus was that there is a lack of information, tools and techniques for security managers to use in convincing management of the need for application security.

This roundtable kicked off a SANS effort to produce two tools to aid managers: a report detailing what methods of justification have seen success, and a simple model for determining appropriate levels of spending on application security based on an organization's level of threat, compliance and business position. This webinar will discuss the results of this effort, demonstrate the workings of the model, and review several industry examples. Join us in exploring how to advance the state of application security across the industry.

Attend this webcast and be among the first to receive access to these tools as explained in an associated whitepaper.


Speaker Bios

Jeremiah Grossman

Jeremiah Grossman founded WhiteHat Security in August 2001. A world-renowned expert in Web security, Mr. Grossman is a founder of the Web Application Security Consortium (WASC), and was named to InfoWorld's Top 25 CTOs for 2007.

Mr. Grossman is a frequent speaker at industry events including the Black Hat Briefings, RSA Confeedge attack and defensive techniques and is a co-author of XSS Attacks: Cross Site Scripting Exploits and Defense.

Mr. Grossman is frequently quoted in major media outlets such as USA Today, the Washington Post, The Financial Times, InformationWeek, InfoWorld, PC World, Dark Reading, SC Magazine, CNET, CSO and NBC news. He frequently alerts the media community to the latest attacks and is not only able to offer in-depth commentary, but also provide his perspective of what's to come. Mr. Grossman was named a "friend of Google" and is also an influential blogger who offers insight and encourages open dialogue regarding current research and vulnerability trend information.

Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo! responsible for performing security reviews on the company's hundreds of websites. Before Yahoo!, Mr. Grossman worked for Amgen, Inc.

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013. He has 35 years of experience in computer, network and information security. Prior to joining the SANS Institute, Mr. Pescatore was Gartner's lead security analyst for 13 years, working with global 5000 corporations and major technology and service providers. Before joining Gartner, Mr. Pescatore was Senior Consultant for Entrust Technologies and Trusted Information Systems, where he started, grew and managed security consulting groups focusing on firewalls, network security, encryption and Public Key Infrastructures. Prior to that, Mr. Pescatore spent 11 years with GTE developing secure computing and telecommunications systems. Mr. Pescatore began his career at the National Security Agency, where he designed secure voice systems, and the United States Secret Service, where he developed secure communications and surveillance systems. He holds a Bachelor's degree in Electrical Engineering from the University of Connecticut and is an NSA Certified Cryptologic Engineer. He is also an Extra class amateur radio operator, callsign K3TN.
