Chapters:
1. Intro
2. Injection
3. Cross-site scripting
4. Ad hoc concatenation
5. Safe templates
6. Practical application
7. API design
8. Type contract
9. Practicality
10. Exceptions
11. Type errors
12. Reviewability
13. Questions
Description:
Explore a conference talk from AppSec California 2016 that delves into preventing security bugs through software design. Learn how to shift the burden of security from developers to API designers by creating constrained yet expressive APIs that make it nearly impossible to write vulnerable code. Discover designs for injection-proof SQL query APIs and XSS-proof HTML rendering APIs, combined with machine-checked coding guidelines. Gain insights from Google's successful implementation of these approaches, which have significantly reduced security vulnerabilities in their flagship projects. Understand the limitations of traditional security measures and the potential of innovative API design in addressing common application-level security defects like SQL Injection and Cross-Site Scripting.

Preventing Security Bugs through Software Design

OWASP Foundation