Several methods exist for protecting applications from attackers outside of secure coding practices. Most of these, however, require piling on extra layers of security in the form of web application firewalls (WAFs), web server modules, or complex middleware. In this talk we discuss a different approach: self-defending applications. Instead of relying on adding devices and middleware layers (which potentially introduce additional network latency and points of failures) we focus on teaching an application to fend for itself.