As a defender we’ve seen the landscape change over the last few years. A shift to cloud, better endpoint detection capabilities, and overall acceptance of leveraging threat intelligence. All these items are advantages for SOC personnel, but how are we incorporating application security? The idea of “shifting left” is based upon secure SDLC, but how do we build detection, response, and monitoring of applications into the SOC? The normal gambit of next-generations firewalls and antivirus products aren’t applicable as applications differ from build to build. This talk will focus on building out capabilities to help defenders identify attacks against the application, build detection mechanisms and how to leverage this information for triage.