Web & Application Security plays an important role in the information security. Continuous software development and integration mandates continual assurance with security code review and application testing. Highly functional websites, applications and APIs are instrumental in driving adoption of new digital business models, but also increases risk exposure of the organisation. A rapid and continuous software development model, coupled with deeper visibility and access into the enterprise’s operational systems, dictates security assurance embedded in the software development life-cycle and is applied to emerging micro-service and monolithic software architectures alike.