


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Missing Information About Security Misconfiguration? Explore this often-used vulnerability category through data from 1000+ pentests

  • Thursday, June 06, 2019 at 1:00 PM EDT (2019-06-06 17:00:00 UTC)
  • John Pescatore, Joe Sechman


  • Cobalt Labs, Inc.




On the surface, Security Misconfiguration seems intuitive, but year after year, this OWASP Top Ten member tops our list as the most (quantitatively) discovered category. It's time to ask, "Why, and what does Security Misconfiguration actually mean, anyway?"

One of the most challenging aspects of vulnerability management, as a whole, comes into play when we talk about remediation prioritization. We collect, prioritize and mitigate vulnerabilities. It's a vicious cycle.

Speaker Bios

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013 after more than 13 years as lead security analyst for Gartner, running consulting groups at Trusted Information Systems and Entrust, 11 years with GTE, and service with both the National Security Agency, where he designed secure voice systems, and the U.S. Secret Service, where he developed secure communications and surveillance systems and "the occasional ballistic armor installation." John has testified before Congress about cybersecurity, was named one of the 15 most-influential people in security in 2008 and is an NSA-certified cryptologic engineer.

Joe Sechman

Joe Sechman is the Vice President of Security Operations at His diverse technical background spans web development, systems administration, advanced attack and penetration testing, and enterprise software security research disciplines.

Over his career, Joe has executed hundreds of pentests, authored several publications, contributed to nine intellectual property disclosures, and is co-inventor of an automated approach to comprehensively discover the attack surface of an application under test.
