Resources

Links

The SANS Software Security Community provides a variety of resources. Interact with your fellow professionals and appsec experts on the SANS AppSec Blog or discover solutions to appsec related issues with a multitude of webcasts.

Whitepapers

Runtime Application Self-Protection (RASP), Investigation of the Effectiveness of a RASP Solution in Protecting Known Vulnerable Target Applications
By Alexander Fry on May 1, 2019

One-Click Forensic Analysis: A SANS Review of EnCase Forensic
By Jake Williams on Jun 27, 2018

Cloud Security: Are You Ready?
By Dave Shackleford on Jun 18, 2018

How To Guide

The SANS Developer How To Guide provides developers with simple code examples that quickly show how to prevent common security vulnerabilities.

Blog Posts

Exploring the DevSecOps Toolchain
Oct 14, 2018

Your Secure DevOps Questions Answered
Sep 13, 2018

Continuous Opportunity - DevOps and Security
Aug 23, 2017

Webcasts

NoSQL Doesn�t Make you NoVulnerable
By Johannes Ullrich on Apr 21, 2017

Mobile App Security Trends and Techniques
By Gregory Leonard on Apr 7, 2017

Struts-Shock: Current Attacks against Struts2 and How to Defend Against Them
By Johannes Ullrich and Jonathan Mandell on Apr 6, 2017

Videos

Non-repudiation
By Jason Lam and Dr. Johannes Ullrich

AJAX and Web 2.0 Security
By Jason Lam and Dr. Johannes Ullrich

The Value of Code Scanning
By Dinis Cruz

"The course used real code with simple scenarios illustrating a full attack scenario and how to fix the vulnerabilities."
- Jeffrey Bell, Lockheed Martin

"Teaches important security concepts that allow developers to build solid applications."
- Marcus Gunn, Lockheed Martin

"Great course with lots of info. I've gotten more out of Day 1 than I have in a complete week of some other classes."
- Chris Yokley, Baldwin County Commission