This document discusses integrating application security (AppSec) into agile development processes like DevOps. It begins with an overview of the move from traditional waterfall development, where AppSec is separate, to agile feature-driven development (FDD) and test-driven development (TDD) with AppSec integrated. The rest of the document details a two-phase approach: first, implementing security FDD by adding AppSec activities to each stage of FDD; second, implementing DevSecOps by adding automated security testing and monitoring throughout TDD. Key aspects covered include threat modeling, static/dynamic testing, monitoring, and response.