I've been interviewing for both of these roles recently and I swear, even after a good amount of interviews, they appear to be so similar. In a traditional sense, what truly is the difference? Which one is a better choice for pay/future demand? Blind Tax: 12 exp/250k
AppSec is better for future pay—easier to move from general AppSec (pentesting, code/design review, PM, cloud infra) to DevSecOps than the other way around.
valid points
App security is focused on vulnerabilities in source code whereas devsecops focuses on securing the infrastructure where the application will be hosted in.
DevSecOps is also concerned with source code (SAST), and is only marginally concerned with infrastructure (as it relates or applies to continuous deployment). AppSec is an umbrella term which contains DevSecOps.