Being one of the few devs with an interest in security, I have seen quite a few rants on what developers need to learn from the infosec profession. Yet most of these talks are given at security conferences. Out of the few dev conferences, I can count the number of security talks on one hand, and even then it ended up being a walkthrough of the top 10 OWASP vulnerabilities website. This has got to change, and hope to shed some insight or a few WTF moments.