SANS What Works in Application Security Summit 2011



 

Summit Agenda:

- How Real World Software Security Programs Work - Panel

Security in the SDLC involves a lot of stakeholders and consists of activities like code reviews, threat modeling, risk analysis, penetration testing, and training, to name just a few. Navigating the people, processes, and technology that are required to create secure software is a lot of work. Panelists will discuss how they made their software security programs successful.

- Software Experts on Security - Expert Panel

Developers don't attend security conferences. Additionally, most software development conferences don't have a focus on software security. Often, developers are focused on learning new tools and only have time to meet deadlines. How can we bridge the gap between security and software development? Panelists, who are experts in software secure software.  

- Software Security Architecture in Practice - Panel

The earlier you find a defect the cheaper it is to fix. Why then aren't more resources allocated to finding issues during design and architecture? Panelists from security architecture teams at large companies discuss their approaches to reducing application security risk. 

- What Enterprises Should be Doing but Aren't - Panel

Many organizations recognize the value of software security and are proactively working on reducing critical software vulnerabilities. But, what's not being done? Panelists discuss what needs to be done now so that future.  

- How to Scale Your AppSec Program - Panel

Imagine that you have hundreds of applications and thousands of developers in your organization. Now you need to apply secure development practices to all projects in your company. What do you do? Panelists from large enterprises discuss how they scaled their application security programs grow their security capabilities.  

- Meaningful Software Security Metrics - Expert Panel

How can we make software security metrics meaningful to business and technical application owners? Panelists will discuss metrics that are working today and metrics that we should and will be using in the future to measure the success of software security efforts.

- How to Detect Application Fraud - Panel

When attackers utilize legitimate functionality to abuse your application and defraud your organization, how do you detect it? Panelists will discuss the challenges that their companies face analyzing attacks and preventing application fraud.

- The Future of Application Security Tools - Vendor Panel

Panelists from application security vendors will share their vision for the future of software security tools and discuss how commonly used tools (static analysis, black box testing, WAF, etc.) can be best leveraged and integrated to provide the most value for customers.

Post-Summit Courses:

Security 542: Web App Penetration Testing and Ethical Hacking

Developer 522: Defending Web Applications Security Essentials

Developer 541: Secure Coding in Java/JEE: Developing Defensible Applications

Developer 544: Secure Coding in .NET: Developing Defensible Applications

Developer 543: Secure Coding in C

Developer 304: Software Security Awareness

 

Hear from people who attended the last Summit:

"Great Summit! It gave the Who, the What, the Haws and the Knots from real-life experiences." - Rollo Guzman, Hess

"This Summit provides an excellent means to stay informed on what is available today; and what the current and emerging issues are." - Yong Chloe, SAIC

"Excellent presentations of practical experiences." - Rich Lansing, Bloomberg


Expected Number of Attendees

500

Relevant Government Agencies

Air Force, Army, Navy & Marine Corps, Intelligence Agencies, DOD & Military, Dept of Homeland Security, Dept of Justice, Dept of Transportation, Dept of Treasury, NASA


When
Mon-Mon, Mar 7-14, 2011


Cost

SEC542:  $3945.00
DEV304:  $995.00
DEV522:  $3945.00
DEV541:  $3295.00
DEV544:  $3295.00
Summit:  $1995.00


Where
Renaissance: The Stanford Court
905 California St.
San Francisco, CA 94108




Organizer
SANS Institute

