Report

SANS 2015 State of Application Security

Key insights from security and dev pros on app security

Do your software developers “get” security or do they tend to believe that security is a job for specialists? As for your security team, do they understand agile development methods or are they still enforcing security through compliance reviews and penetration tests?

A new study from the SANS Institute reveals there’s a closer alignment between developers (builders) and security specialists (protectors). But there’s still plenty of room for improvement. Based on a survey of 435 professionals in security management, compliance, development, design, and related disciplines, this report covers the following topics and much more:

  • The differing concerns and challenges of developers (builders) and security specialists, and how the two roles can better understand each other
  • Application Security Programs: the enormous contrast between traditional AppSec programs oriented toward waterfall development, and the way applications are built today with iterative, incremental processes
  • Improving AppSec across the lifecycle: how DevOps (and SecDevOps) practices and approaches are helping builders, IT operations, and defenders make systems more secure and functional

If scaling application security and helping security teams succeed is important to your organization, download SANS State of Application Security to get the full results of this one-of-a-kind survey.


A SANS Survey, written by Jim Bird, Eric Johnson, and Frank Kim. Sponsored by Hewlett-Packard Enterprise, Qualys, Veracode, Waratek, and WhiteHat Security.
