The group started by discussing some of the more old-fashioned applications they had in their environment and then moved into a discussion of configuration security vs. autonomous security. In the case of WAFs, this involves learning the attacks, and then applying rules vs. applying machine learning and AI in order to augment existing configurations.
The group then shifted their focus towards DevSecOps, and how security can be integrated into the development cycle. As part of this topic, the group further discussed the role that containers play and where capabilities and operations that use them can be shifted. The group also talked about the differ types of scans that can be done on an application, and focused on the advantages of dynamic scanning, RASP, and IAST, options. It takes much more time to run older technologies on new processes. However, by using RASP and IAST, you can instead preserve more viable times for builds.