Application security needs to be made an integral part of the full software development lifecycle, which is easier said than done. A DevSecOps approach will also support application security but what processes, tools and automation are needed to achieve this? This stream will explore the key components of this, including security auditing, penetration testing, threat modelling, design reviews and security unit testing. How can we achieve agility as well as share the responsibility for security business-wide? Also considered will be the rising serverless trend, its impact, and the demand for expertise as the lines between infrastructure and applications blur.