Explore the challenges developers face with application security and learn effective strategies to improve DevSecOps practices in this 27-minute OWASP Foundation conference talk. Delve into Scott Gerlach's experiences building DevSecOps practices and tools at major companies like GoDaddy, SendGrid, and Twilio. Gain insights into specific obstacles hindering developers in AppSec and discover practical solutions to overcome them. Examine topics such as the role of security teams, breaking down silos, prioritizing security measures, and integrating security tools into the development process. Understand the importance of addressing security terminology, production bias, and the impact of bugs in production. Learn how to initiate security testing and foster a culture of continuous improvement in application security. Whether you're a seasoned professional or new to DevSecOps, acquire valuable knowledge to enhance your organization's approach to application security.