For 20 years, OWASP has been recommending two approaches to achieving trustworthy software: people and perimeters. The people approach attempts to coerce your developers into making perfect software with requirements, vulnerability testing, threat modeling, security architecture, training, etc. The perimeter approach attempts to monitor network traffic and perfectly detect and block attempts to exploit vulnerabilities. Unfortunately, and despite Herculean effort by smart and dedicated people, these approaches simply aren't working. But there is a third approach. Consider how ASLR and DEP changed the curve on kernel exploits in the mid-2000s. Imagine we could automatically inject exactly the right defenses into your code, in exactly the right places, without having to change anything about the way you develop, build, test, or deploy your applications. In this talk, you’ll learn how easy it is to eliminate entire classes of vulnerability, like those in the OWASP Top Ten, by automatically infusing simple, lightweight trust boundaries into apps/APIs. This "runtime protection" is available for a huge range of languages and platforms, and is widely used in large companies to secure apps/APIs at massive scale with almost no performance impact. Forrester reports 65% of companies are adopting runtime protection and 17% of companies are planning to adopt. Attendees will learn how runtime protection works, how you can deploy at scale, and about accuracy and performance. But more importantly, we'll explore real-world runtime protection use cases that will benefit your entire appsec program, your development teams, and even your security culture.