I had a great time attending the Gartner Security and Risk Management conference in Washington DC, where I was able to hear from industry experts on various topics including application security. Application security is indeed complicated due to the rapid change in deployment models and the need for enterprises to adopt multiple approaches such as legacy, VMs, containers, and serverless computing. The trend of integrating security with agile/DevOps style development, known as DevSecOps, is gaining momentum, with a focus on shifting security left into the development process. Additionally, crowdsourced security through bug bounty programs is becoming increasingly mainstream, offering an alternative approach to traditional penetration testing methods. As a result, infrastructure-based controls are becoming less relevant, and the focus is shifting towards securing APIs and other application-level vulnerabilities.