OnDemand Includes 4 Months Access to Course Content - Special Offers Available Now!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Managing Applications Securely: A SANS Survey

  • Wednesday, April 27, 2016 at 1:00 PM EDT (2016-04-27 17:00:00 UTC)
  • Johannes Ullrich, Amit Ashbel, Tim Jarrett, Ryan O'Leary


  • Checkmarx Ltd.
  • Veracode
  • WhiteHat Security

You can now attend the webcast using your mobile device!



Applications and software components, particularly web and mobile apps, have proven difficult to manage and secure, according to the SANS 2015 survey on application security. This year's survey explores how organizations are improving their application security practices, and what they still need help with.

Webcast attendees will gain insight into best practices and get advice about managing the security of their applications. Specifically, they will learn:

  • What applications introduced the most risk into respondents' environments in 2015
  • What percentage of their breaches resulted from badly-coded applications versus how many came from configuration-induced vulnerabilities
  • How frequently organizations test the security of their applications in production
  • What tools are most useful in protecting applications in production
  • Management challenges around commercial third-party applications and applications hosted in the public cloud.

Be among the first to receive the associated whitepaper written by Johannes Ullrich, SANS dean of research

View the associated whitepaper here.

Speaker Bios

Johannes Ullrich

Johannes Ullrich, dean of research at the SANS Technology Institute, is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. His research interests include IPv6, network traffic analysis and secure software development. In 2004, Network World named Johannes one of the 50 most powerful people in the networking industry, and SC Magazine named him one of the top five influential IT security thinkers for 2005. Prior to working for SANS, Johannes served as a lead support engineer for a web development company and as a research physicist.

Amit Ashbel

Amit Ashbel, a cyber security evangelist at Checkmarx, has been with the security community for over a decade and has taken on multiple tasks and responsibilities, including technical and senior product lead positions. Amit has experience with a wide range of security solutions including network, endpoint, fraud detection, and application security. This, in addition to his familiarity with emerging threats, allows him to address multiple aspects of an organization's security portfolio while constantly studying how organizations can adapt to the ever changing landscape. Amit speaks at high-profile events and conferences such as Blackhat, Defcon, OWASP and others.

Tim Jarrett

Tim Jarrett is senior director of enterprise security strategy at Veracode. A Grammy-award winning product professional, he joined Veracode in 2008 and obsesses about how to make the world safe for—and from—software. He can be found on Twitter as @tojarrett.

Ryan O'Leary

Ryan O'Leary is the Chief Security Research Officer of the Threat Research Center and Technical Support at WhiteHat Security. He joined WhiteHat Security as an ethical hacker in 2007 and has since developed a breadth of experience finding and exploiting web application vulnerabilities and configuring automated tools for testing. Ryan manages a team of over 150 security engineers, based in three locations over two continents. He is also responsible for overseeing the delivery of WhiteHat Sentinel, which services over 10,000 customer websites. Under Ryan's leadership, the team has built a one-of-a-kind database that combines details of more than 26M vulnerability patterns with proprietary algorithms to assess the threat level.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.