IAM and security must be on the same page regarding web application development to facilitate proper access. What coding practices and assessment practices should web developers use? What tools are out there to help (OWASP)? Do we need cross-site scripting and pup code review to ensure proper leveraging of enterprise IAM or should web applications manage their own IAM/account data? This session will discuss strategies for how to include security and access requirements in the development process and code.