The Promise and Pitfalls of Security Testing Today

  • Tuesday, May 09, 2017 at 3:00 PM EDT (2017-05-09 19:00:00 UTC)
  • Setu Kulkarni, Mark Geeslin


  • WhiteHat Security


Both the underlying technologies and the development methodologies of web applications have dramatically shifted in recent history. The tools and techniques of security testing from just a few short years ago are ill-suited to applications developed today, which employ the design principles of RESTful web services and single-page applications. Furthermore, current development processes such as CI/CD and DevSecOps require compatible security testing approaches that are highly responsive and efficient. Results must be obtained within minutes, or even seconds, as opposed to the hours and days permitted in the past. Automated web application vulnerability scanners are both too slow and too shallow in their analysis, while manual penetration testing seems to be unable to keep pace with the speed of development.

How can security testing be most effectively performed against today's applications that are developed and deployed continuously with no apparent time for adequate analysis and verification? In this webinar we will discuss a proven approach to security testing that employs a judicious balance of architectural reviews, SAST and DAST technology, custom "functional" testing, and manual penetration testing in order to produce a robust framework which can be used to achieve a high degree of security assurance, while allowing for the rapid pace of development required in today's environment.

Speaker Bios

Mark Geeslin

Mark Geeslin is a Senior Principal Software Engineer and Director of Application Security at Asurion. Mark has been working in the software development and security industries for over 25 years in numerous and diverse environments, ranging from high-tech security start-ups to Fortune 100 companies. In recent years he has directed the application security programs at leading software technology firms in Silicon Valley. Besides his extensive experience as a software engineer, Mark's expertise includes large-scale application security assessments, penetration testing, threat modeling & architectural risk analysis, static & dynamic software security analysis, secure code review, and security research. Mark has earned advanced degrees in both computer science and theology, and currently holds the GWAPT, GMOB, GSSP-Java, GSSP-.NET, and GSEC certifications.

Setu Kulkarni

As the Vice President of Product Management, Setu is responsible for product vision, strategy, and direction at WhiteHat Security. Setu joins the WhiteHat leadership team after a 10+ year stint at TIBCO Software Inc., where he most recently led product management and strategy for the Operational Intelligence product portfolio. During his many years at TIBCO, he led a variety of strategic and operational initiatives – building the SOA platform for the Integration and BPM businesses, building the business launch platform for TIBCO’s cloud business, mainstreaming the LogLogic acquisition, and developing the next-gen ITOA offering. Earlier in his career, Setu held engineering and pre-sales roles in India and Europe while working for NDS, Infosys, Adobe, and TIBCO before moving into product leadership positions in the U.S. He earned an engineering degree in computer science and engineering from Visvesvaraya Technological University, India.
