1. Introduction
2. Denim Group
3. Bruce Schneier
4. AppSec vs Developer Training
5. Training is one of those sacred cows
6. Background on the project
7. Lack of workforce analytics
8. Research
9. Have You Had Any Training
10. How We Did It
11. Three Big hypotheses
12. Sample questions
13. prescriptive questions
14. results
15. gap between awareness and prescriptive
16. sample fatigue
17. weird results
18. technology companies
19. no prior secure coding
20. How Developers Learn
21. Asynchronous Learning
22. Don't Ignore the Basics
23. Incentives Matter
24. Conclusions
25. What's next
Description:
Explore the effectiveness of AppSec training for developers in this 33-minute OWASP Foundation conference talk. Dive into the results of a yearlong survey of nearly 1,000 software developers, assessing their application security knowledge before and after formal training. Examine the survey methodology, which includes developers from various backgrounds and industries, and discover the surprising findings from a "retest" of a subset of respondents. Learn about the gap between security awareness and prescriptive knowledge, the impact of sample fatigue, and unexpected results from technology companies. Gain insights into how developers learn, the importance of asynchronous learning, and the role of incentives in security training. Understand the implications of these findings for application risk managers and those relying on training as part of their application security strategy.

Can AppSec Training Really Make Developers Security-Smart?

OWASP Foundation