Scanning as a method of discovering vulnerabilities
Challenges
Security Policies
Security Visibility
Breaking Down Silos
HTTP 500 Errors
Bringing Data Together
Vintage Meme
Annual Pen Tests
Pen Tests and Bug bounties
Conclusion
Attack Driven
Modern Feedback Visibility
Continuous Testing
Happy Note
Security Reports
Description:
Explore effective application security techniques for the DevOps era in this 32-minute conference talk from AppSec EU 2017. Learn how to adapt traditional heavyweight security controls like static analysis and dynamic scanning to lightweight efforts that align with modern development and deployment practices. Discover methods for obtaining visibility that enables, rather than hinders, rapid iteration by development and DevOps teams. Gain insights on measuring the maturity of your organization's security efforts in practical, non-theoretical ways. The talk covers topics such as bottom-up and top-down static analysis, proactive alerting, challenges in dynamic scanning, security policies, and breaking down silos between teams. Understand the shift from legacy approaches to modern feedback visibility and continuous testing, ultimately aiming to create a more effective software development lifecycle for the DevSecOps era.
SDLC for the DevSecOps Era - Adapting Application Security Techniques