SANS Open-Source Intelligence (OSINT) Summit & Training offers immersive cyber security courses and a free Summit!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Getting Started with Web Application Security

  • Thursday, February 11, 2016 at 1:00 PM EST (2016-02-11 18:00:00 UTC)
  • Joseph Feiman, Gregory Leonard


  • Veracode

You can now attend the webcast using your mobile device!



Chances are, at any given moment, your organization's web applications are under attack (if not already exploited). Attackers see web applications as the front door: just one vulnerability allows them entry - perhaps to the database supporting the web application or maybe to your business partners, such as the payment processing vendor supporting your application.

In this webcast, learn why Cross Site Scripting, SQL Injection, Input Validation and other common vulnerabilities continue to plague web applications. Speakers will discuss what types of web apps are most targeted (such as Java and .NET, according to the 2015 SANS Application Security Survey), why these types of applications are targeted, and what the common outcomes of these types of breaches are.

Presenters will also provide educational and technical resources to help security operations teams proactively manage their web applications by finding and reducing vulnerabilities - before attackers can take advantage of them.

Attend this webcast and be among the first to receive the associated whitepaper written by SANS Instructor, Gregory Leonard.

View the associated whitepaper here.

Speaker Bios

Gregory Leonard

Gregory Leonard is a co-author and instructor for the  DEV541 Secure Coding in Java/JEE: Developing Defensible Applications course and holds the GSSP-Java certification. He has more than 17 years of experience in software development, with an emphasis on writing large-scale enterprise applications. Greg’s responsibilities over the course of his career have included ensuring application architecture and security, performing infrastructure design and implementation, providing security analysis, conducting code reviews and evaluating performance diagnostics. He is currently an application security consultant at Optiv Security.

Joseph Feiman

Joseph Feiman is Chief Innovation Officer at Veracode. In this role, Joseph is responsible for advanced technologies that drive innovative detection and protection strategies. Joseph is a recognized industry leader with nearly two decades' experience in application development and security, analyzing the market for Gartner Research. Prior to joining Veracode, Joseph was a research vice president and Gartner Fellow, focusing on application and data security within the enterprise security research team. A trusted advisor to CISOs around the world, his work earned him two Gartner Thought Leadership Awards and excellence award. Joseph is widely credited with shaping the application security market and creating the runtime application self-protection (RASP) category, an innovative approach to protecting applications from cyberattacks. Jospeh is well recognized and sought after speaker at industry events and has helped shape the dialog on security and information risk for enterprises.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.