AWS Shared responsibility model means that you must secure your code!
As development methodologies such as DevOps and Agile have taken hold, AppSec has not kept pace. Legacy scan based and perimeter based approaches add false positives and drag on software development and deployment
Furthermore, migrations to the cloud renders many on premise approaches infeasible
The answer is to embed AppSec *into* your applications – security travels with your workloads, wherever they run