Looking at available tools and features, it is easy to conclude that AppSec is shooting for the moon. Modern frameworks build security in by default, and vulnerable technologies are replaced by more secure alternatives. But regardless of all these good intentions, we see the same vulnerabilities popping up over and over again. Are we just careless when building applications, or is AppSec too hard? Throughout this talk, we review various cases where frameworks and libraries get in the way of security, paving the way for application-level vulnerabilities. With practical examples, we investigate more robust approaches to application security. The patterns we discuss will not only help you to improve the security of your applications but also make application security more manageable at scale.