
The Role of Vulnerability Scanning in Web App Security

  • Thursday, May 25, 2017 at 1:00 PM EDT (2017-05-25 17:00:00 UTC)
  • Ferruh Mavituna, Barbara Filkins


  • Netsparker




The rush of custom applications to the cloud has changed more than just the platforms and threat environments of in-house developed software. Increased exposure has raised the stakes and made more organizations willing to test and remediate during development -- a la DevOps. That doesn't do anything to address the thousands of apps already online and potentially vulnerable, however.

Attacks on web apps were responsible for 41% of confirmed data breaches during 2015, according to the 2016 Verizon DBIR. In the financial services sector, web app attacks rose from 31% of the total number of successful attacks to 81%, highlighting, the report said, the increasingly large-scale, commercial criminal motivation behind the attacks. Modern scanners, with up-to-date lists of XSS, SQL injection and other exploits, are designed to identify problems and show human operators the specifics and the location of each one. By testing for known or likely vulnerabilities in web apps -- and scanning a large number of them in a relatively short time -- modern web scanners are able to highlight areas likely to be vulnerable to exploitation, demonstrate the potential flaw with copies of the actual weak points, and confirm their results by auto-testing suspected vulnerabilities. Their speed and automation can also make them a valuable part of a multilayer vulnerability scanning and monitoring program.

The associated whitepaper was written by SANS Analyst and network security expert Barbara Filkins.

Speaker Bios

Barbara Filkins

Barb Filkins, a senior SANS analyst who holds the CISSP and SANS GSEC (Gold) and GCH (Gold) certifications, has done extensive work in system procurement, vendor selection and vendor negotiations as a systems engineering and infrastructure design consultant. Most recently she has been involved with HIPAA security issues in the health and human services industry, with clients ranging from federal agencies (DoD and VA) to municipalities and commercial businesses, focusing on issues related to automation - privacy, identity theft and exposure to fraud, as well as the legal aspects of enforcing information security. Barbara sees security as an interaction of policy, process, platforms, pipes AND people.

Ferruh Mavituna

Ferruh Mavituna is the founder and product architect of Netsparker, the only proof-based web application security scanner with dead accurate vulnerability detection and exploitation features. He has a background in development (C++, ASP, ASP.NET and PHP) and has been working in the web application security industry since 2002.

Before founding Netsparker, Ferruh was a freelance security consultant and worked for the Turkish Army, the Police, and several other large customers from the USA, Canada and the UK. Ferruh mostly focuses on web application security research and automated vulnerability detection and exploitation. He is a frequent speaker at web application security conferences and on podcasts, and has released several research papers and tools.

Ferruh's deep understanding of both the attacking and defending aspects of web application security was the driving force behind Netsparker's success. Netsparker has pioneered several cutting-edge technologies that changed the world of automated web application security. Today Netsparker is used by thousands of companies around the world and is considered one of the leading players in the industry.
