Explore framework security and developer-friendly approaches to application security in this AppSecEU 2016 conference talk. Delve into the fundamental problems of data escaping and structural validation, examining the root causes of vulnerabilities. Challenge common misconceptions about blame attribution and evaluate the limitations of Web Application Firewalls. Discover the concept of self-defending frameworks and their potential to revolutionize security without code changes. Learn about context-aware escaping, edge cases, and performance considerations. Gain insights into cross-site scripting (XSS) protection and authentication through practical examples and demonstrations.
Framework Security: Hugging Developers Through Self-Defending Systems - AppSecEU 2016