For too long, application security has been "experts-only" and practiced one-app-at-a-time. But modern software development, both technology and process, is mostly incompatible with this old approach and legacy appsec tools. Software development has been transformed by practices like Continuous Integration and Continuous Integration, and the time has come to bring these efficiencies to security. In this talk, Jeff will show you how you can evolve into a "Continuous Application Security" organization that generates assurance automatically across an entire application security portfolio. Jeff will demonstrate how open-source tools (including OWASP ZAP, Mozilla's Minion, Gauntlt, and others) can be integrated to provide a comprehensive real time application security dashboard. With this approach, we can leverage the power of big data analytics to gain unprecedented insight into enterprise application security and finally focus on enterprise application security strategy rather than simply chasing the next XSS. Before you come to this talk, be sure to check out "Application Security at DevOps Speed and Portfolio Scale" for some background.