SANS Survey on Application Security Programs and Practices


Over the past five years, applications—particularly web applications—have been increasingly leveraged as a top vector of attack. With the trend toward mobile applications and cloud computing, SANS decided to conduct this first SANS survey on application security to focus on understanding what works in application security (aka “appsec”) and why. We wanted to address the following specific questions:

• What is driving organizations’ application security programs?

• Where do organizations see the greatest risks?

• Where are organizations focusing their application security resources?

• What practices are most organizations following?

• What tools and services do organizations rely on the most?

• What are the specific challenges to organizations’ application security programs?

• How mature are organizations’ programs?

• How effective are organizations’ programs?



