What do developers need to know about information security? Carl and Richard talk to Kim Carter about his experiences helping developers secure their web sites. Kim has written a series of books on the subject to help get developers thinking about infosec as they develop, rather than try and cram security on at the end of a project. All kinds of great tools in the show links, including OWASP ZAP, which does fast penetration testing on your site - you can incorporate it into your build process so that your code is security tested as you’re building it! InfoSec isn’t optional, you need to make it part of your routine development process!