Securing Web Applications Made Simple and Scalable

  • Thursday, October 10, 2013 at 1:00 PM EDT (2013-10-10 17:00:00 UTC)
  • Gregory Leonard, Mark Painter, Stephen Sims


  • HP




Many organizations put an enormous amount of responsibility and faith into automated penetration testing frameworks, and security professionals have an obligation to ensure these tools meet those high demands. Web applications are still one of the most common vehicles through which attackers breach confidentiality, exposing sensitive data and often pivoting into an organization's internal network. In this one-hour webcast we will take a close-up look at the latest version of HP's WebInspect tool and give you insight into how it can be used effectively to secure your web applications. Most importantly, we want to evaluate its effectiveness in meeting critical requirements, including:

  • Automation and Ease in Configuration
  • Support for Large Scans
  • False Positive Reduction
  • Advanced Attack Technique Simulation
  • Detailed Reporting and Remediation Guidance

We will walk through various attack scenarios and examples, such as SQL Injection and Cross-Site Request Forgery (CSRF), interpreting the results and providing insight into the latest features.

Sign up for this webcast and be among the first to receive an advance copy of a SANS whitepaper containing details of Gregory Leonard's review of HP WebInspect, in which he was advised by Stephen Sims.


Speaker Bios

Stephen Sims

Stephen Sims is an industry expert with over 15 years of experience in information technology and security. Stephen currently works out of San Francisco as a consultant. He has spent many years performing security architecture, exploit development, reverse engineering, and penetration testing. Stephen has an MS in information assurance from Norwich University and is a course author and senior instructor for the SANS Institute. He is the author of SANS' only 700-level course, SEC760: Advanced Exploit Development for Penetration Testers, which concentrates on complex heap overflows, patch diffing, and client-side exploits. Stephen is also the lead author on SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking and co-author of SEC599: Defeating Advanced Adversaries Purple Team Tactics & Kill Chain Defenses. He holds the GIAC Security Expert (GSE) certification as well as the CISSP, CISA, Immunity NOP, and many other certifications. In his spare time Stephen enjoys snowboarding and writing music.

Mark Painter

Mark Painter is a product marketing manager for the Fortify pillar of HP Enterprise Security Products. In this role, he is responsible for the marketing efforts for both the Fortify product suite and the Fortify on Demand professional services organization. He is also a noted security blogger and has served as editor/contributor for the last several versions of the HP Cyber Risk Report. Over the past 12 years, Mark has held marketing, product management, and security researcher/blogger positions with HP and SPI Dynamics (acquired by HP in 2007). Mark holds a Master of Arts degree in literature from the University of Tennessee.

Gregory Leonard

Gregory Leonard has over 16 years of experience in software development, with an emphasis on writing large-scale enterprise applications. Greg's responsibilities have included application architecture and security, performing infrastructure design and implementation, security analysis, code reviews, and evaluating performance diagnostics. Greg is currently focusing on overseeing the integration of secure development practices for his company.
