The best way to build secure systems is to stop writing security-related code on a daily basis. Developers have their hands full with complex systems, confusing business rules, technical edge cases, responsive UIs, etc. Security requirements, when they even exist, are repetitive to implement, hard to test, and often get crowded out by other demands. When developers handle security on a feature-by-feature basis, the result is a wildly inconsistent mess of security holes. In this session developers and architects will learn real-world techniques for designing security into the application framework itself, rather than leaving it up to individual features. You’ll see how to implement access control in your data access layer, declaratively handle permission checks with Attributes and Annotations, automate security testing with static analysis, and more. Come learn how secure software *design* can dramatically reduce the day-to-day burden of secure *coding*. Code samples will be in C# and ASP.NET MVC, but the focus will be on techniques and concepts that easily generalize to other platforms.