How Developers Influence Application Security Strategies