Resources: Webcasts


SANS Webcasts are live web broadcasts that allow you to hear a knowledgeable speaker while viewing presentation slides that you download in advance. You need either Real Audio Player or Windows Media Player (free downloads are available on the webcast access page), and a SANS Account. If you aren't a member of the Community, just go to the Join Community page and fill in the simple registration form, it's free.

Title Speaker Date Sponsor
NoSQL Doesn’t Make you NoVulnerable Johannes Ullrich Apr 21, 2017 --
Mobile App Security Trends and Techniques Gregory Leonard Apr 7, 2017 --
Struts-Shock: Current Attacks against Struts2 and How to Defend Against Them Johannes Ullrich and Jonathan Mandell Apr 6, 2017 Veracode
Increasing Software Security Up and Down the Supply Chain John Pescatore, Steve Lipner, John Martin, and Chris Wysopal Apr 4, 2017 Veracode
Best practices for securing, analyzing, and mitigating threats to your AWS applications Sesh Sayani, Mike Janik, and Scott Ward Mar 28, 2017 Gigamon
MobileIron Security Labs: Combatting the Current State of Mobile Enterprise Security James Plouffe Mar 23, 2017 MobileIron
Real DevSecOps for the Security Practitioner Jenks Gibbons Mar 1, 2017 CloudPassage
Continuous Integration: Static Analysis with Visual Studio & Roslyn Eric Johnson Feb 24, 2017 --
Cross Origin Resource Sharing: Using CORS to secure AJAX Clay Risenhoover Feb 3, 2017 --
Attacks on Databases: When NoSQL became NoDatabase Matt Bromiley Jan 20, 2017 --
Enhanced Application Security for the Financial Industry Steve Kosten and Mike Ware Jan 17, 2017 Synopsys
Winning the Culture War: Infusing Security into the Software Development Culture Mark Geeslin and Setu Kulkarni Dec 14, 2016 WhiteHat Security
Hummingbad: Tools & Techniques To Use When Inspecting Android Applications Cindy Murphy and Chris Crowley Dec 9, 2016 --
Continuous Opportunity: DevOps & Security Ben Allen Oct 12, 2016 --
Going Mobile: Are Your Apps Putting You at Risk? Eric Johnson Sep 26, 2016 --
HTTP/2 & Websockets Are Gonna Change the Pen Test World. Are You Ready? Justin Searle and Adrien de Beaupre Apr 13, 2016 --
Benchmarking AppSec: A Metrics Pyramid SANS Instructor Jim Bird and Tim Jarrett Mar 15, 2016 Veracode
A DevSecOps Playbook Dave Shackleford and Amrit Williams Mar 8, 2016 CloudPassage
Getting Started with Web Application Security Gregory Leonard and Joseph Feiman Feb 11, 2016 Veracode
Risky Business: Evaluating the True Risk to your Security Program Johannes Ullrich, Demetrios Lazarikos, Mike Goldgof, and Jenna McAuley Feb 8, 2016 WhiteHat Security
Why You Need Application Security Johannes B. Ullrich, Ph.D. and Joseph Feiman Jan 28, 2016 Veracode
WhatWorks in AppSec: ASP.NET Web API Security Eric Johnson Jan 14, 2016 --
What Works in Reducing Web Application Vulnerabilities: Using to WhiteHat Sentinel to Increase Application Security Before and After Production Deployment John Pescatore Sep 10, 2015 WhiteHat Security
Analyst Webcast: RASP vs. WAF: Comparing Capabilities and Efficiencies Jake Williams Aug 14, 2015 HP
Protecting Third Party Applications with RASP Eric Johnson and Cindy Blake Jul 30, 2015 Hewlett Packard
WhatWorks in AppSec: ASP.NET Identity and AntiForgery Tokens Eric Johnson Jul 24, 2015 --
How to Detect SQL Injection & XSS Attacks with AlienVault USM Mark Allen and Garrett Gross Jul 15, 2015 AlienVault
Blocking XSS attacks with Content Security Policy Greg Leonard Jun 22, 2015 --
Node.js: Successful, exciting... and bares security risks Amit Ashbel Jun 9, 2015 Checkmarx Inc.
Dont risk it - Using a risk-based approach to increase the security of web apps and other IT assets. John Pescatore and Demetrios Lazarikos May 28, 2015 WhiteHat Security
2015 Application Security Survey, Part 2: Builder Issues Eric Johnson, Maria Loughlin and Bruce Jenkins May 14, 2015 Hewlett Packard
2015 Application Security Survey, Part 1: Defender Issues Eric Johnson, Will Bechtel, Robert Hansen and Brian Maccaba May 13, 2015 Hewlett Packard
What's in your software? Reduce risk from third-party and open source components. Adrian Lane and Phil Neray Nov 18, 2014 Veracode
Database Encryption - Defining the Root of Trust Andreas Philipp and Greg Porter Sep 19, 2014 Utimaco
More web traffic, more problems. How CARFAX consolidated security concerns, saved money and grew their business John Pescatore, Chris Thomas and Preston Hogue Sep 17, 2014 F5 Networks, Inc.
Building a Content Security Policy Eric Johnson Aug 19, 2014 --
SQL Injection Exploited Micah Hoffman Aug 8, 2014 --
Securing Web Applications: Identifying and Managing Risks with Programming Languages and Frameworks Johannes Ullrich and Jeremiah Grossman May 21, 2014 WhiteHat Security
The Application Blind-spot Eric Schou May 9, 2014 HP
Secrets of Exploiting Blind SQL Injection Justin Searle Apr 30, 2014 HP
How to Strengthen the "Weakest Link" with Two-Factor Authentication Mark Stanislav, Security Evangelist, Duo Security and David Kennedy, Founder, TrustedSec Mar 5, 2014 Duo Security
Successful Mitigation Techniques for 4 Common Web App Vulnerabilities Steve Kosten Feb 21, 2014 --
Application Security Programs On the Rise, Skills Lacking: A SANS Survey Frank Kim, Will Bechtel, Erik Peterson and Ryan English Feb 12, 2014 HP
How to Detect SQL Injection & XSS Attacks using SIEM Event Correlation Jan 16, 2014 AlienVault
HTML5: Risky Business or Hidden Security Tool Chest for Mobile Web App Authentication Johannes Ullrich Jan 13, 2014 --
Finding Hidden Threats by Decrypting SSL/TLS J. Michael Butler, SANS Analyst, and David Wells: VP of Product Management for SSL Visibility Products, Blue Coat Systems Nov 8, 2013 Blue Coat Systems, Inc.
"Reading the Security Tea Leaves" - The Story from 50 million Vulnerabilities Matt Johansen, Threat Research Center Manager at WhiteHat Security Inc. & Ed Bellis, CoFounder, Risk I/O, Inc Nov 7, 2013 WhiteHat Security
Securing Web Applications Made Simple and Scalable Stephen Sims, SANS Senior Instructor, Gregory Leonard, SANS Analyst, and Mark Painter, HP Oct 10, 2013 HP
John Pescatore Analyst Webcast - Actionable Tools for Convincing Management to Fund Application Security John Pescatore and Jeremiah Grossman Oct 4, 2013 WhiteHat Security
Essential Tools for Testing and Securing a Mobile Applications Portfolio Daniel Miessler Aug 22, 2013 HP
Mobile Application Security Survey Results Kevin Johnson, James Jardine, Alex Pozin, Adam Stein, and Chris Wysopal Jun 6, 2013 Box
The Secrets of Exploiting Local and Remote File Inclusion Justin Searle May 22, 2013 RSA Conference

View All webcasts | Subscribe to webcast calendar | Subscribe to webcast feed