A security-aware software stack can provide real-time feedback on vulnerabilities in your code as well as attacks on your apps/APIs in production. Scanners and firewalls are slow and error-prone because they don’t have enough context about what’s happening in running code. But if we enable your software stack, including language runtime, application server, framework and libraries, with the right instrumentation, it can provide frictionless, highly accurate feedback on both vulnerabilities and attacks. In this talk, you’ll learn how you can use runtime protection to automatically harden your stack with trust boundaries that surround dangerous capabilities. We’ll demonstrate how these trust boundaries can instantly alert developers when these dangerous capabilities are used insecurely and introduce vulnerabilities (like SQL injection or Log4Shell). We’ll also show how these trust boundaries can both alert when code is under attack and even prevent code from being exploited.