Explore practical tips for web application security in the age of agile and DevOps in this 53-minute conference talk recorded at AppSecUSA 2016. Learn how to adapt traditional heavyweight security controls to lightweight efforts suitable for modern development practices. Discover techniques for obtaining visibility that enables rapid iteration, and gain insights on measuring security maturity in a non-theoretical way. Delve into topics such as static analysis, dynamic scanning, proactive alerting, and attack-driven defense. Benefit from real-world examples and experiences shared by Zane Lackey, Founder/Chief Security Officer at Signal Sciences and former Director of Security Engineering at Etsy.