Explore techniques and challenges in testing and protecting modern service-based web applications, focusing on APIs, REST and SOAP services, and custom interfaces. Delve into the limitations of traditional static (SAST) and dynamic (DAST) scanners when applied to APIs. Learn about security instrumentation for identifying vulnerabilities in APIs during development and implementing protection in production environments. Examine how instrumentation, which has revolutionized performance management, can be applied to application security for APIs. Discover how this approach can integrate with various development methodologies, scale to entire application portfolios, and potentially transform application security practices. Gain insights into securing applications running technologies like Spring Security, Spring Boot, and Angular JS.