SANS 2015 State of Application Security


Key insights from security and dev pros on app security
Do your software developers “get” security or do they tend to believe that security is a job for specialists? As for your security team, do they understand agile development methods or are they still enforcing security through compliance reviews and penetration tests?
A new study from the SANS Institute reveals there’s a closer alignment between developers (builders) and security specialists (protectors). But there’s still plenty of room for improvement. Based on a survey of 435 professionals in security management, compliance, development, design, and related disciplines, this report covers the following topics and much more:
- Different concerns and challenges between developers (builders) and security specialists: how these two roles better understand each other
- Application Security Programs: the enormous contrast between traditional AppSec programs oriented toward waterfall development, and the way applications are built today with iterative, incremental processes
- Improving AppSec across the lifecycle: how DevOps (and SecDevOps) practices and approaches are helping builders, IT operations, and defenders make systems more secure and functional
If scaling application security and helping security teams succeed is important to your organization, download SANS State of Application Security to get the full results of this one-of-a-kind survey.
A SANS Survey, written by Jim Bird, Eric Johnson, and Frank Kim. Sponsored by Hewlett-Packard Enterprise, Qualys, Veracode, Waratek, and WhiteHat Security.