San Diego, California August 14-19, 2016

Best Practices for a Mature Application Security Program

Kevin Poniatowski

With 84% of all cyber-attacks occurring on the application layer*, there is little debate that applications pose the most risk to the enterprise. However, typical investment in application security is not commensurate with this risk. Determining which activities yield the most ROI is not trivial.

Application security risk mitigation requires a multi-dimensional approach that factors in your organization's expertise, processes, and threat profile. This webcast examines both the progress (and lack thereof) the industry has made, referencing research from The Ponemon Institute conducted over the past several years. Presenters will also describe risk-based measures you can take to reduce your enterprise's attack surface and roll out a secure, repeatable Software Development Lifecycle (SDLC).

  • Research from The Ponemon Institute
    • Application Security trends over last several years
    • Areas in which companies continue to struggle with/ignore security
    • Responses to emerging challenges, technologies and threats
  • Threat modeling and risk rating your applications
    • Data classification
    • Correlating frequency and depth of test activities
    • Vulnerability remediation prioritization
    • Understanding the myriad threats to different platforms
  • Optimizing your Software Development Lifecycle (SDLC)
    • Adopting standards and best practices
    • Identifying skill gaps
    • Building a roadmap and sequencing steps

* Forbes (

About The Speaker:

Kevin has spent the last 20 years teaching development organizations the intricacies of how to create hack-resistant applications. Kevin's experience ranges from the Department of Defense to major Fortune 500 companies such as HP, Amazon, VMware, Sophos, Intuit, SWIFT, Walgreens, TMX, and Liberty Mutual. Name a security problem and Kevin has seen it. Not only has he seen it, but he has taught some of the best developers in the world how to prevent and defend against it. Traveling the world in the name of software security, Kevin has spoken in 10 countries and is ready to bring you the nitty-gritty reality of how to build a mature application security program.

© 2016 International Institute for Software Testing